It is worth remembering that RSI Videofied's encryption had some very very serious issues.
Honeywell Owned Dragonfly Tested
Published Jun 02, 2017 17:27 PM
** ****,********* ******** *** / ************ $*** *******. ********* ** ********* their ********* ******** ** "*** *** *** ******* **** ** RMR ********-**-*-***"
** ****** *** ****** ********* **** indoors *** ***, ******* ********* ********, video *******, ****** ********* *** ****, through ***** ****** ** ********* *******.
*******
** *** *****, *********'* ****** ********* was ********* ********, **** ** ***** alarms ** ***** ****** ** *******, and ** ****** ********** ****** **** testing (~** ******** *** *** *****).
*******, ***** *** *** ********* ********* in ******/********* *** ****** ***** ******** complexity *** *** ****/*** ********** ****** it ** ***** **:
- ******** ***** ** ***/******:*** **** *** ** *** ** disarm *** ********* ****** ** *** the ****** ***/*** ******. **** ***** that **** ********* **** ***** **** get ***** ***** ***, **** *** app, *** ****** ******/******* ***** ****** approaching ***** ****, ** **** *** trigger ******* *********. ***** ** ** option *** ***** ***** ** **** some ****** ****** *****, *** *** process ** *** ****.
- ** ******/**********:************, ***** ** ** ****** ********* for ****** *** ****** ** ***** leave, ********* *** ***** *** ** be ******** *** ***** *****. ** geofencing ** ********* ** ************* ***/******, either, * ******* ***** ** **** other ******-*** ******* ***** ******* (**** ** ****).
**** ***** *******
***** ******* *** ********** ** ********* an ******** *** ** *** ***** but ******* *** ***** **** ******** to ****** ** / ** *******. Identifying ******* **** ********* ** *******, even ** ***** ********, *** ** low ********** ***** (*******). ********* ***** may ** ****** *** ** *** outdoor ******'* ********** ** ************ ** some **********, *** ** *********** ** PIR ******** *** ****** ***** ** view.
******* ** ****, ********* ** *** a *********** *** * **** ***** surveillance ****** (*** ** ** ******** as ****).
Compared ** *********
*********'* ********* *********** ** ******* ** our**** **** ** *********'* ********** ******, **** ***** ********* *********** ****** specified ****** *** *** ***** ******.
********* ******* *** ***** ** *********'* more ****** ****** ******* ************ *** IMV6XX ****** *****, ***** **** *** key *********** ******** *** ******:
- ***** *******:******** ************* **** ********** ******* ****. Dragonfly **** ***** *******, ****** ******* an ** *** ******, ********* ** some ************* (*** *****).
- *** **** **: ***** ***** ********** has **** ********* ** ***, ****** event ***** ****** *******.
************, *********'* ********** **** ******** ****** arming/disarming ** **** ** * **** reader, ******** *** ***** ** *********.
*******
********* ******* ****** **$*** *** *** *** *** *** Indoor **************$*** *** *** *** *** *** Outdoor ************. *********************** *** $**/$*** (******/*******).
Online *****
********* ***** ****** ** ********* *** their ****** ***** [**** ** ****** available]. *********** *** **** ******** ******** at * ********** *********** ***.
************, ********* *** ****** ***** *** Dragonfly ****** ***** ***** * ******** code, ** **** ***** ** **** one ********* ********* ******, **** ***** ** ** ****** searches. ********* ******* * ********** ** monitoring ***** **** ***** ******* ********, ~60% *** ****. *******, **** ** not ******* ************ *** ******* *****.
Physical ********
*** ********* ****** ******** ** ****** and ******* *************, *********** ******** **** with ***** ** *******, ****** **** a ***, ***** ******** ******* *** transmits **** ** *****' ****** ******* and/or ******* ******* **********.
Highly ******** *********
** **** ** *** ****, ********* has **** ********* *** ***** ******* our ****** *** ~* ******, ** this *********** ***** ** ****:
****** **** ****, ** *************** ******, **** ***** ************ ******** as *** ** **** ****** ** in **** *****, * ********** *********. No ****** **** ********* ** ********, moving *******, ** ***** *******, **** at *** ***********.
************, ****** **** *******, ********* ****************** ******* ** ***, **** *** course ** **+ *********** ** ******* conditions, ********** ** *** ** ******** subjects ****** ** ******* ******.
Low ******* *****
******** ** ******* ** ******* *****, Dragonfly ***** ** **** *** **********, only *******, ******** ** ***** ***** is ******* ***** **** ** *** cost ******. ******* ** ****, ***** is ********** ** ********* ******* ** not ** ****** ******** ** *******, but ******** *** *********** *******.
*** *******, *** **** ***** ***** a **** *******, ******** * **** whacker, *** **** ** ********* (** not **********) ** ********* ***** ** video.
************, *** ******* ** *** *** an ** *** ******, ********* ** purplish **** ** ******* *****, **** here:
** *****, *** ************'* ***** ** IR ********* *** ** *** **** of *** ********, ******* **** ** the ***** ** ** ****** ***. Detection ** ******** *** ***** ********, but ** *******.
No **** *****
********* **** *** ******* **** *****, only ***** ***** ***** ** ****** detection. ***** *** ******* * ***** to ******* ****** ** ***** ** on ***** ********, *** **** ***** several ******* ** ********, ************ ****** up ** ** ******* ** *** tests. **** **** **** ** ******** are ***, ****** ********** **** ***** video (*******).
******* ***** ** ** **** *****, aiming ************* *** ** ********** ***********, as ***** **** ******** *** ********, then ******* * ***** *** **** for *** ***** ** ******** ** check ****** ********.
Limited ***/****** *************
********* ***** **** *** *** ****** the ****** *** *** ***. ***** is ** ****** *** *******, **** ******, **********, ** ***** method****** ** **** ***** *******. **** means **** **** ******* ***** ****/********, users **** ****** ***** *****, **** the ********* ***, *** ****** ***/** outdoor *****, *** ** *** **** when ********* ** ******.
*******, ******* ********* *** ** ****** outside, *** ******** ********* ****** * garage **** ** ***** ** *********'* documentation, ***** **** **** *** *** before ******* ***** ****** *** ******* in ** **** ********** ** *****. There ** ** ***** ***** ** up ** *** ******* ***** *** reduce ***** *********** *** ** **** issue, ****** ***** *** ***** ***** to ****** ** ******, **** *** long, ***.
** ****** ***/****** ** **** *****:
Limited ******
*******, ***** ** ** *** ** zone ******* ******* **** ****** *** outdoor (***** *** *********** *************). ** users *** *** *** * ************ covering ***** ******, *** *** *** covering *** **** ****, *** ********. All ****** ******* ** *** ******* devices *** ***** ********.
****** *** ******* ******* *** ** seen ******* ** *** ****** **** tab ** *** ***:
Event ****/*******
***** **** ******/********* ******* *** **** in ********, *** *** **** ******** a **** ** *** ****** ******, including ******, *********, ******, ********, *** live **** **, ***** *****. **** list **** ** ******** ******* ** find ******** ******, *** ****** ** searched ** ********. ******* ** ** alarm ** **** ** ******** *** corresponding ***** ** *****.
*******, *** **** *** ******** * "gallery" ** *** ***** ***** *** photos ****** ** ****, ******* ***** events **** ** ******/********* ** ***** status ******.
Comments (10)
AT
Andrew Tierney
Jun 07, 2017JH
John Honovich
Jun 07, 2017Andrew, thanks for sharing - very detailed post. Have you confirmed that they have fixed it in newer versions, your post is from November 2015, so curious if it has been fixed since then?
AT
Andrew Tierney
Jun 07, 2017It was not fixed as of August 2016, that was the last time I checked. It would have required significant reworking to fix, and would likely not be possible with the hardware constraints in the panel.
JH
John Honovich
Jun 09, 2017Andrew,
Honeywell / RSI's response:
DragonFly uses a different protocol and transport and does not have the vulnerability you listed
AT
Andrew Tierney
Jun 09, 2017They've kind of missed the point though.
The issues I found in the their original system were unforgivably bad. They indicate that RSI don't understand the threats present, how cryptography works, or how you deal with vulnerability reporting. These are all deeper issues than that specific vulnerability.
Have they fixed these other issues? Who knows.
BC
Ben Clay
Jun 07, 2017I find it strange in this day and age that their direct online sales are only available to customers in the US. Am I missing something or is this just another example of Honeywell missing the point - in this case the potential size of the global consumer market?
JB
Josh Bylsma
Jun 07, 2017There could be a number of reasons for this:
- All manufactures have different channel structures, depending on the region of the world in which they operate. It is very possible that there is an established "exclusive distributor" in other parts of the world, thus limiting Honeywell's online marketing.
- There could be specific, technology limitations that prevent Dragonfly from entering the global market. This could consist of, limited certifications (like our UL listing in the US is different than CE listing in European nations) video only being in NTSC, power limitations (US 110 VAC, Europe 220 VAC)...etc.
In short, there are many other considerations needed in order to enter the global market with tech hardware. I would also argue, the US market is a much larger, consumer driven market, so if successful here, than I am sure Honeywell will eventually open up to other, global markets.
BC
Ben Clay
Jun 07, 2017All very easy issues to overcome, particularly as it's not a proper alarm panel, and you don't see the likes of Ring and similar consumer security companies limiting themselves to a single market. Just sounds like a very outdated business model, but that is also true for other Honeywell security products.
JH
John Honovich
Jun 09, 2017Ben, Honeywell / RSI's response to country availability:
We are launching DragonFly in Canada soon and there are other countries that are very interested in DragonFly as well.
BC
Ben Clay
Jun 09, 2017Thanks for the feedback John! Certainly doesn't sound like it's going to be a global phenomenon!!