It is worth remembering that RSI Videofied's encryption had some very very serious issues.
Honeywell Owned Dragonfly Tested
** ****,********* ******** *** / ************ $*** *******. ********* ** ********* their ********* ******** ** "*** *** *** ******* **** ** RMR ********-**-*-***"
** ****** *** ****** ********* **** indoors *** ***, ******* ********* ********, video *******, ****** ********* *** ****, through ***** ****** ** ********* *******.
*******
** *** *****, *********'* ****** ********* was ********* ********, **** ** ***** alarms ** ***** ****** ** *******, and ** ****** ********** ****** **** testing (~** ******** *** *** *****).
*******, ***** *** *** ********* ********* in ******/********* *** ****** ***** ******** complexity *** *** ****/*** ********** ****** it ** ***** **:
- ******** ***** ** ***/******:*** **** *** ** *** ** disarm *** ********* ****** ** *** the ****** ***/*** ******. **** ***** that **** ********* **** ***** **** get ***** ***** ***, **** *** app, *** ****** ******/******* ***** ****** approaching ***** ****, ** **** *** trigger ******* *********. ***** ** ** option *** ***** ***** ** **** some ****** ****** *****, *** *** process ** *** ****.
- ** ******/**********:************, ***** ** ** ****** ********* for ****** *** ****** ** ***** leave, ********* *** ***** *** ** be ******** *** ***** *****. ** geofencing ** ********* ** ************* ***/******, either, * ******* ***** ** **** other ******-*** ******* ***** ******* (**** ** ****).
**** ***** *******
***** ******* *** ********** ** ********* an ******** *** ** *** ***** but ******* *** ***** **** ******** to ****** ** / ** *******. Identifying ******* **** ********* ** *******, even ** ***** ********, *** ** low ********** ***** (*******). ********* ***** may ** ****** *** ** *** outdoor ******'* ********** ** ************ ** some **********, *** ** *********** ** PIR ******** *** ****** ***** ** view.
******* ** ****, ********* ** *** a *********** *** * **** ***** surveillance ****** (*** ** ** ******** as ****).
Compared ** *********
*********'* ********* *********** ** ******* ** our**** **** ** *********'* ********** ******, **** ***** ********* *********** ****** specified ****** *** *** ***** ******.
********* ******* *** ***** ** *********'* more ****** ****** ******* ************ *** IMV6XX ****** *****, ***** **** *** key *********** ******** *** ******:
- ***** *******:******** ************* **** ********** ******* ****. Dragonfly **** ***** *******, ****** ******* an ** *** ******, ********* ** some ************* (*** *****).
- *** **** **: ***** ***** ********** has **** ********* ** ***, ****** event ***** ****** *******.
************, *********'* ********** **** ******** ****** arming/disarming ** **** ** * **** reader, ******** *** ***** ** *********.
*******
********* ******* ****** **$*** *** *** *** *** *** Indoor **************$*** *** *** *** *** *** Outdoor ************. *********************** *** $**/$*** (******/*******).
Online *****
********* ***** ****** ** ********* *** their ****** ***** [**** ** ****** available]. *********** *** **** ******** ******** at * ********** *********** ***.
************, ********* *** ****** ***** *** Dragonfly ****** ***** ***** * ******** code, ** **** ***** ** **** one ********* ********* ******, **** ***** ** ** ****** searches. ********* ******* * ********** ** monitoring ***** **** ***** ******* ********, ~60% *** ****. *******, **** ** not ******* ************ *** ******* *****.
Physical ********
*** ********* ****** ******** ** ****** and ******* *************, *********** ******** **** with ***** ** *******, ****** **** a ***, ***** ******** ******* *** transmits **** ** *****' ****** ******* and/or ******* ******* **********.
Highly ******** *********
** **** ** *** ****, ********* has **** ********* *** ***** ******* our ****** *** ~* ******, ** this *********** ***** ** ****:
****** **** ****, ** *************** ******, **** ***** ************ ******** as *** ** **** ****** ** in **** *****, * ********** *********. No ****** **** ********* ** ********, moving *******, ** ***** *******, **** at *** ***********.
************, ****** **** *******, ********* ****************** ******* ** ***, **** *** course ** **+ *********** ** ******* conditions, ********** ** *** ** ******** subjects ****** ** ******* ******.
Low ******* *****
******** ** ******* ** ******* *****, Dragonfly ***** ** **** *** **********, only *******, ******** ** ***** ***** is ******* ***** **** ** *** cost ******. ******* ** ****, ***** is ********** ** ********* ******* ** not ** ****** ******** ** *******, but ******** *** *********** *******.
*** *******, *** **** ***** ***** a **** *******, ******** * **** whacker, *** **** ** ********* (** not **********) ** ********* ***** ** video.
************, *** ******* ** *** *** an ** *** ******, ********* ** purplish **** ** ******* *****, **** here:
** *****, *** ************'* ***** ** IR ********* *** ** *** **** of *** ********, ******* **** ** the ***** ** ** ****** ***. Detection ** ******** *** ***** ********, but ** *******.
No **** *****
********* **** *** ******* **** *****, only ***** ***** ***** ** ****** detection. ***** *** ******* * ***** to ******* ****** ** ***** ** on ***** ********, *** **** ***** several ******* ** ********, ************ ****** up ** ** ******* ** *** tests. **** **** **** ** ******** are ***, ****** ********** **** ***** video (*******).
******* ***** ** ** **** *****, aiming ************* *** ** ********** ***********, as ***** **** ******** *** ********, then ******* * ***** *** **** for *** ***** ** ******** ** check ****** ********.
Limited ***/****** *************
********* ***** **** *** *** ****** the ****** *** *** ***. ***** is ** ****** *** *******, **** ******, **********, ** ***** method****** ** **** ***** *******. **** means **** **** ******* ***** ****/********, users **** ****** ***** *****, **** the ********* ***, *** ****** ***/** outdoor *****, *** ** *** **** when ********* ** ******.
*******, ******* ********* *** ** ****** outside, *** ******** ********* ****** * garage **** ** ***** ** *********'* documentation, ***** **** **** *** *** before ******* ***** ****** *** ******* in ** **** ********** ** *****. There ** ** ***** ***** ** up ** *** ******* ***** *** reduce ***** *********** *** ** **** issue, ****** ***** *** ***** ***** to ****** ** ******, **** *** long, ***.
** ****** ***/****** ** **** *****:
Limited ******
*******, ***** ** ** *** ** zone ******* ******* **** ****** *** outdoor (***** *** *********** *************). ** users *** *** *** * ************ covering ***** ******, *** *** *** covering *** **** ****, *** ********. All ****** ******* ** *** ******* devices *** ***** ********.
****** *** ******* ******* *** ** seen ******* ** *** ****** **** tab ** *** ***:
Event ****/*******
***** **** ******/********* ******* *** **** in ********, *** *** **** ******** a **** ** *** ****** ******, including ******, *********, ******, ********, *** live **** **, ***** *****. **** list **** ** ******** ******* ** find ******** ******, *** ****** ** searched ** ********. ******* ** ** alarm ** **** ** ******** *** corresponding ***** ** *****.
*******, *** **** *** ******** * "gallery" ** *** ***** ***** *** photos ****** ** ****, ******* ***** events **** ** ******/********* ** ***** status ******.
Andrew, thanks for sharing - very detailed post. Have you confirmed that they have fixed it in newer versions, your post is from November 2015, so curious if it has been fixed since then?
It was not fixed as of August 2016, that was the last time I checked. It would have required significant reworking to fix, and would likely not be possible with the hardware constraints in the panel.
Andrew,
Honeywell / RSI's response:
DragonFly uses a different protocol and transport and does not have the vulnerability you listed
They've kind of missed the point though.
The issues I found in the their original system were unforgivably bad. They indicate that RSI don't understand the threats present, how cryptography works, or how you deal with vulnerability reporting. These are all deeper issues than that specific vulnerability.
Have they fixed these other issues? Who knows.
I find it strange in this day and age that their direct online sales are only available to customers in the US. Am I missing something or is this just another example of Honeywell missing the point - in this case the potential size of the global consumer market?
There could be a number of reasons for this:
- All manufactures have different channel structures, depending on the region of the world in which they operate. It is very possible that there is an established "exclusive distributor" in other parts of the world, thus limiting Honeywell's online marketing.
- There could be specific, technology limitations that prevent Dragonfly from entering the global market. This could consist of, limited certifications (like our UL listing in the US is different than CE listing in European nations) video only being in NTSC, power limitations (US 110 VAC, Europe 220 VAC)...etc.
In short, there are many other considerations needed in order to enter the global market with tech hardware. I would also argue, the US market is a much larger, consumer driven market, so if successful here, than I am sure Honeywell will eventually open up to other, global markets.
All very easy issues to overcome, particularly as it's not a proper alarm panel, and you don't see the likes of Ring and similar consumer security companies limiting themselves to a single market. Just sounds like a very outdated business model, but that is also true for other Honeywell security products.
Ben, Honeywell / RSI's response to country availability:
We are launching DragonFly in Canada soon and there are other countries that are very interested in DragonFly as well.
Thanks for the feedback John! Certainly doesn't sound like it's going to be a global phenomenon!!