The Interceptor Aims To Fix Vulnerability In Millions of Alarm Systems

By: Brian Rhodes, Published on Jan 08, 2018

Security executive Jeffery Zwirn claims a 'catastrophic' flaw exists in 'millions of alarm systems', and dealers could be liable if not fixed. His product, The Interceptor prevents a thief or building fire from locking up an alarm panel to prevent it from dialing out, sounding keypad alarms, or from triggering alarm messages at the worst possible time.

Alarm Industry Liable For 'Not State Of The Art' Systems

Zwirn told IPVM: "Shorted wiring on the databus is a significant vulnerability to expected function" that he "sees often during forensic alarm failure investigations." He forwarded us a legal opinion deeming stock panels a legal liability and not 'state of the art' unless equipped with The Interceptor:

"Manufacturers of security alarm panels, distributors and dealers are all at risk for lawsuits based on strict product liability, negligence and breach of implied warranties if a product placed into the stream of commerce and sold to a customer is dangerous or defective and causes or contributes to personal injury or property damage. These lawsuits cost manufacturers, distributors, dealers and their insurers millions upon millions of dollars in losses each and every year."

The Problem: Shorting Panel Devices Can Lock Them Up

The Interceptor addresses the shorting out of powered serial databus channels causing all connected devices to 'lock up' and become unresponsive. Shorts can occur when a building fire melts cables, or when a burglar knows how to tamper with a system keypad at an entrance.

His solution for making panels 'state of the art' adds a power supervision card, preventing line shorts from killing the attached devices and ensures that critical devices like communicators still dial out if trouble happens.

Installation is described as 'simple, but not DIY' ~ 20-minute process for alarm installers, following similar schematic locations regardless of panel:

Importantly, the product does not draw power from the panel directly, but rather is tied into the panel's backup battery, thereby avoiding the 'electrical short' condition that disables the entire bus. Rather, devices normally directly connected to the panel's data bus are then connected to The Interceptor instead.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

How Shorted Databus Wiring Happens

Zwirn explains two primary methods that alarms are vulnerable to shorted databus:

Building Fires

If alarm cables melt together during a fire, the panel databus can be shorted, and especially since this cabling often runs through attics and crawlspaces it is generally vulnerable to high heat. Even an indirect exposure to fire can damage the wires and potentially render the system inoperable.

Disabling During Break-Ins

Another way databus wiring can be shorted requires technical knowledge and time during a burglary. When an intruder breaks into a home, they locate a keypad (often located at a garage door or non-perimeter door), remove it from a wall, jump or twist together two of the wires on the back, and do this before the system calls out to a central station.

This exploit also is contingent on a hardwired, not wireless, keypad being found. Otherwise, the exploit requires finding a hardwired motion sensor, climbing up high enough (via ladder) and again shorting wires on the back before a monitoring station call is made.

Panel Databus Explained

Hardwired alarm panels typically include connection ports for devices that are not simple NO (normally open) and NC (normally closed) contact sensors. The 'databus' is often used for inputting commands and settings into the alarm panel, and system keypads are generally connected on these types of ports.

While the exact name of these ports vary by manufacturer, they are identified by the fact they include 2 data connections (TX/RX) and 2 power connections (+/-) per port. The image below shows an example of databus ports on a Bosch G-Series panel:

The Interceptor Product Overview

The developer's demo video is embedded below and show the particulars of how the board connects to a typical panel system:

Add-in Supervision Board

The product is a small ~5" X 3.5" circuit board that retrofits inside existing alarm panel enclosures. The card has as MSRP of ~$120, and one per bus channel is needed, typically one unit per panel.

Alarm devices normally connected directly to a panel are then attached to this card, which is individually fused and draws power from the system's battery:

Intrusion devices typically installed on these channels include parallel wired keypads, motion sensors, zone expanders, communicators, and auxiliary relays. However, the card is not used on individual alarm zones or zoned components like door/window contacts, glass break sensors, or wireless sensors using a board integrated radio. These types of connections are not generally vulnerable to the electrical short risk, nor are they parallel powered, so The Interceptor has no impact.

Not Replaced By Central Station 'Check-Ins'

Zwirn says it is not likely that central stations 'heartbeat' or 'check-in' polling, where the station calls back to the panel rather than the panel calling the station, could detect a shorted databus.

Those check-ins are intermittent intervals, often scheduled once per day or even once per month. The 'heartbeat' is used to confirm 'all is well' with a panel without the panel initiating it, and is helpful in discovering panel problems if no message is sent. Moreover, Zwirn says even if such a function was operable even at the exact time as a genuine security event was occurring, that exception would likely be classified as a 'trouble' event, not a full-fledged 'alarm' that triggers first responder dispatch.

Problem In Some, Not All, Panels

However, not all alarm panels are vulnerable to the problem The Interceptor addresses. Traditional, panel-based, hardwired alarm systems can be, but the majority of 'all-in-one' combo system most likely have integrated system keypads, and radio modules often are plugged into slots not using data bus channels at all.

Zwirn specifically identifies two common systems as candidates to use The Interceptor in company literature, citing particular 'system popularity in the residential market':

Additionally, systems providing a powered, serial-type data bus channel (like Elk M1) can be retrofitted with the card.

However, the developer has not tested the card with all systems using a data bus. For example, DMP XR Series and Bosch G-Series Intrusion have not been tested by the company as benefiting or needing the card.

Unneeded In All-In-One Wireless Systems

Additionally, one of the most popular residential alarm system form factors will not benefit from the card, including 2Gig Intrusion Panels, Honeywell's LYNX Touch 5100, DMP XTLPlus / Secura, and DIY offerings like Honeywell Indiegogo-Funded DIY Intrusion System, Simplisafe, Nest Secure, Canary, and the onslaught of many others in the consumer space.

For Panel Makers, Not Field Fixable, But Not Significant Problem

A big factor in the lack of uptake of The Interceptor is the cost and complexity of physically adding in this component to the millions of panels in use. Zwirn tells us that despite approaching several manufacturers with his solution, none have yet expressed interesting in adding it or licensing it in their designs.

Perhaps more than any other indicator, this reflects the issue The Interceptor addresses is not considered a significant problem, nor has been a considerable source of concern for either end users or panel manufacturers.

Potential Disadvantages

In terms of product success, The Interceptor faces some obstacles. We see two major problems that could limit acceptance:

  • Risk Too Small: Even beyond whether or not The Interceptor works is the question whether the risk it addresses is significant enough to warrant resolving. In general, the risk of burglars breaking in to a house or business fast enough and then shorting out a keypad is contrary to the typical 'smash & grab' archetype burglary where a thief enters, steals, and exits as quickly as possible.
  • A Feature, Not Product: The long-term outlook is clouded by requiring purchase of a separately installed device that might be otherwise resolved by the manufacturer through a product redesign. Zwirn says he is open to licensing his solution to manufacturers, potentially reducing development time and more rapidly addressing a 'widespread' safety issue.

Vote / Poll

2 reports cite this report:

"UL Has Blood On Their Hands" Alleges The Interceptor / Keith Jentoft on Oct 14, 2019
"UL has blood on their hands" alleges Keith Jentoft of "The Interceptor Project". We examined The Interceptor in-depth last year, see: The...
Simplisafe 'All New' Generation 3 Tested on Feb 08, 2018
Feared by the traditional alarm industry, Simplisafe has launched its 'all new' Generation 3 platform that they declare is "Stronger. Faster....

Comments (198)

Only IPVM Members may comment. Login or Join.

Yes, I wouldn't be surprised to learn it's possible to blow the panel by shorting the data bus, but so what? The data bus is going to be on the protected side anyway.

I'm sure that, with practice, a bad guy could learn to pull the keypad off the wall, yank the wire, and short the bus before the delay ends, but I don't feel real confident that they could pull that maneuver off perfectly every time. 

And fires? Please. How often does it happen that a fire is so fast and intense that it melts bus cables together but doesn't hit the smoke detector? 

Any intrusion detection system designer needs to take unlikely events into account, and mitigate even unlikely possibilities, just in case, but calling it a "catastrophic" flaw is overstating things. 

Mr. Erenthal: 

Thank you very much for your post regarding the Interceptor.

There is no protected side on the data-bus of the Honeywell Vista Line of Control Panels or on the Interlogix Concord IV Control Panel.

In other words, once the data-bus wiring is shorted out, whether accidentally or intentionally, all other equipment which is required to be connected to the data-bus wiring in parallel, such as an Alarm Net Radio for the Vista Control Panels or an Alarm.com radio for the UTC Control Panels (wireless radio alarm transmitters) this equipment will instantly fail to function. 

If you have anything which technically supports that the data-bus wiring and all connected devices which reside on same will continue to function when there is a short on the data-bus, please send it to me or post it on this portal. 

Kindly review my other response, as what you posit is not consistent with the limitations of all of the Honeywell Vista Control Panels, the Interlogix UTC Concord IV Control Panels and many other Control Panels. 

As to fire impeding the data-bus wiring, attic fires are so commonplace that NFPA 72 recommends that rate of rise heat detectors be installed in these critical areas of the protected premises. Obviously, a rate of rise heat detector cannot provide ubiquitous coverage and even if it could, it is not an early warning device.

Concurrently, a smoke detector in the common area of the premises, is not technically capable of detecting a fire in the attic of a premises, and until such time that the fire penetrates into the footprint of the home, and the particles of combustion reach the smoke detector, it will not be activated.

The control panel data-bus wiring vulnerability identified by Zwirn Corporation is a serious one, both to equipment manufacturers, and to each of the companies who select and install these products.

I look forward to your feedback. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

 

 

 

 

Look, Jeffrey, everybody knows you're one of the most knowledgeable people in this business. I don't think you're wrong here, I just think you're overstating the likelihood of a problem occurring. 

When I said "protected side", I meant the alarmed area. You're forgetting that your bad guy (probably) has to get past a contact to get to the bus line. 

I agree that it takes no technical skill to rip a keypad off the wall. However, if you're using CP-01 standards, the entry delay will be set to 30 seconds. So your bad guy has 30 seconds to get inside, find the keypad, rip it off the wall, yank the wire, and short the bus. It can be done in 30 seconds, but it's much less of a sure thing than you make it sound. 

I am skeptical that dipping a keypad into a bucket of water is a reliable way to short the bus and blow the panel. I am extremely skeptical that this can be done in 30 seconds. I'm not saying it's impossible, I'm saying the timing seems iffy. 

As far as fire goes, it is my understanding that a RoR detector is an early warning detector by definition. Am I wrong?

Ari: 

 

Thank you for your response and your comments about me. i would never overstate what involves the safety, security and life safety on a security system. Remember there are four stages to a fire. Incipient, smoldering, flame and heat and we are talking about a Rate of Rise Heat Detector here.

Clearly, if a Rate of Rise Heat Detector was an early warning device, which it is not, besides what I have elaborated to above, the equipment manufacturers of this equipment would not note the following warning regarding the limitations on this equipment which they manufacturer and sell. It specifically states the following in capital letters, HEAT DETECTOR NOT A LIFE SAFETY DEVICE.

Similarly, no AHJ would ever provide a Certificate of Occupancy to any home if they only had Rate of Rise Heat Detectors in a premises. Needless to say, for household applications, only a Smoke Detector can provide for early warning detection. Of course, the system needs to be professionally designed and installed.

In any event, for further information on Rate of Rise Heat Detectors please review NFPA 72 of the National Fire Alarm Code and NFPA 72 of the National Fire Alarm and Signaling Code, The Fire Protection Handbook, by the National Fire Protection Association and my Peer Reviewed book The Alarm Science Manual. 

To give you an example of how commonplace fire attacking the data-bus wiring is; fires which start in an attached garage usually burn their way into and through the exit/entry door of the home from my investigative experience being the path of least resistance. Generally, in close proximity to this door is the data-bus wiring which connects to the keypad for this exit entry door.

I have forensically witnessed this happen time and time again and unless you are out in the field forensically investigating fire and burglary losses like I have since 1980, I would not expect you to be familiar at all with what I personally seen firsthand.

This is not dramatic, this is a recipe for disaster and in the cases where I have seen the aforementioned and when a fire starts in the wall or in the attic of a home or building, what I have found consistently, is that anytime a fire comes in contact with the data-bus wiring or the power output wiring of the alarm system,  the wire always shorts. Furthermore, there is nothing else on an alarm system which is not supervised except for the data-bus wiring. Surely this defies logic.

In other words, do you think that any customer would ever knowingly purchase an alarm system if they knew that the all of the data-bus wiring which is running throughout their home is susceptible to fire impeding it, and as a result, it (the fire attacking the data-bus wiring, will instantly shut down any external dual diversity wireless radio receivers and/or any wireless radio alarm transmitters, since this equipment is required to connect in parallel to the data-bus in order for the subscriber to be equipped with wireless communications to the central station and have an app and remote control of their security system on their phone? 

To that end, I have found in the studies which I have conduced that no customer would ever knowingly accept this vulnerability on their security system. 

In 40% percent of the fire cases which I have investigated, the data-bus wiring is damaged by the fire. With this in mind, this is an unacceptable number. Conversely, with the Interceptor installed on the security system it will protect the data-bus from an accidental short or intentional attack 100% percent of the time.

With regards to an intruder attacking the system keypad, I have witnessed it first hand and my work as an active 18 year Designated Expert Instructor to the New York City Police Department has also provided me with other case studies where law enforcement has witnessed it as well.  I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed. In fact, I know of at least two alarm distribution warehouses where an intruder followed this methodology and was successful. Luckily, I know of one case where the intruder was caught in that when he went to sell the alarm equipment on eBay it was found out and he was arrested. 

As to shorting out the system with a bucket of water, I investigated a case where I found the system keypad sitting in a bucket of water. 

The data-bus attack is foreseeable and has happened across the country. Coming full circle, if the technical community of the alarm industry does not pay attention to the equipment that we select and install, including foreseeable vulnerabilities which are designed into same, more people will be seriously injured and/or die as a result of same, or there will be a loss of assets under these circumstances, and in my opinion, this identified defect is not something that the professional alarm industry should have to accept. 

Imagine, if one of your customers was seriously injured or died as a result of an alleged alarm system failure and during my forensic investigation I find that the fire impeded the data-bus wiring. How are you going to defend what you knew could have protected the system, changed the outcome and either significantly minimized the damages or eliminated them?

Certainly, the alarm equipment manufacturer is not going to defend and idemnify you and your company, and while I am sure that you have insurance in force how many claims can you have before your insurance policy is cancelled, or what if the jury verdict against your company exceeded the amount of coverage on your policy? 

At the end of the day, the professional alarm industry is duty bound to help protect their customers and disregarding this serious control panel vulnerability does not change anything.  Besides, all alarm companies hold themselves out as experts so do you want to be that person who has to defend what is not defensible, and are you really providing peace of mind with a data-bus that is completely unprotected? The only answer is no. 

I would also like to share with you what some of the alarm companies who currently buy the Interceptor are doing. They are marketing the Interceptor to get new subscribers in that they demo an exemplar control panel and short out the data-bus. When the customer sees that their system (the exemplar) and their wireless radio alarm transmitter instantly fails, by all of the on-board radios light emitting diodes turning off, the customer is simply astonished and very upset. 

At this point, the new alarm company, trying to increase their RMR and to better protect the customer shows the potential customer what happens with their system once the Interceptor is installed, in that it is protected, instead of instantly failing.

Furthermore, the alarm system company either charges the new customer for the Interceptor at a profit, or installs it for free.  Stated differently, how can an alarm company distinguish themselves from others, including the plethora of mass marketers aggressively offering alarm monitoring for sometimes half the cost of what the industry charges?

Many alarm contractors have found that the Interceptor is their answer, and at just $120, or less, based on quantity purchasing, the Interceptor will not only make the alarm system safer, but it will help save alarm companies the average cost of purchasing monitored systems, on average, between a 30 and 40 multiple per account. 

The way that some alarm companies are marketing the Interceptor is that they show a photo of a Honeywell and/or a Concord IV keypad and state, that if you have this alarm system, you may be at risk. Ask us how we can make your alarm system safer. 

The best time to limit your liability is before a loss occurs and my invention accomplishes this mission critical task. Finally, if the Interceptor saves just one life it was well worth having it installed on the security systems which you install.

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

 

 

 

 

 

 

 

 

 

 

 

 

 

To give you an example of how commonplace fire attacking the data-bus wiring is; fires which start in an attached garage usually burn their way into and through the exit/entry door of the home from my investigative experience being the path of least resistance. Generally, in close proximity to this door is the data-bus wiring which connects to the keypad for this exit entry door.

You need to hire a competent marketing person, seriously. A variant of the above statement should be prominent on your site, it is a concrete example of a scenario that people can relate to, and see the value in your product. The majority of what is on the site, and much of what you have written here, is too abstract, too technical, or just otherwise distracting from people understanding the real-world benefits as it relates to their personal system.

I would also like to share with you what some of the alarm companies who currently buy the Interceptor are doing. They are marketing the Interceptor to get new subscribers in that they demo an exemplar control panel and short out the data-bus.

This too (in a wore direct/less wordy approach). This is relatable data that dealers can/should see value in.

I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed. 

Semi-related, 150? That number is so low as to make it seem like this is a super edge-case scenario (similar to some of the questions also raised here). How many successful burglaries were the result of simple system failures that would have killed the system before we even get to worrying about databus protection? (note: the preceding is a rhetorical question, I do not need a response, just pointing out another area where you could improve your marketing/pitch). Stating you have seen 150 cases, in what has presumably been a long career in a high-density/high-crime area makes this seem like selling flood insurance in Denver.

Brian: 

Thank you very much for your feedback. 150 may seem low but if you are the customer who suffers a loss and the alarm system fails but for having the Interceptor installed on the system, than it becomes much more material. My point here is quite simple, the criminal element is becoming more sophisticated, so the alarm and security industry needs be on top of making alarm systems safer; from all types of foreseeable threats and weaknesses that can negatively impact upon the functionality and reliability of any security system. If you do not pay attention to liability it will pay attention to you. In other words, if a security system has an inherent defect, we need to provide education to equipment manufacturers and customers alike so that their loss potential is reduced.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

150 may seem low but if you are the customer who suffers a loss

Jeff, one thing that might help communicate the issue is referencing it in percentage terms.

For example, your quote:

I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed.

Is that out of 300, 1,000 or 10,000 burglaries you've reviewed? Getting a sense of how relatively common it is as an attack would help give context to how much weight should be given to fixing the problem.

Also, what percentage of those 150 successful burglaries where the alarm system has failed would not have failed if the Interceptor was used? The higher that percentage is, the stronger the case, etc.

Thank you John.

Seen it happen on an alarm. Bus was shorted, confused the alarm. Still sent the signals to our central station though.

Risco actually make a board similar to this to sit on their 485 bus line. You can also think about how you wire the system so vulnerable data buses for lets say external sirens wouldn't mix with more critical internal detection bus circuits. In the same way as we mix the power supply lines. 

To Whom It May Concern: 

Please identify the RISCO product which you state is similar to the Interceptor. 

As to wiring the data-bus differently, the external sirens are already connected to a different part of the control panels identified, so this point is moot, and many other control panels which have also been sold for years also have this dangerous vulnerability on their data-bus as well.  In any event, the issue here is not about the sirens, it is about how a short on the data-bus wiring will instantly impede external wireless radio alarm receivers and wireless radio alarm transmitters.

That being said, if the keypad data-bus wiring is accidentally or intentionally shorted out, there is nothing you can do to protect an external dual diversity radio receiving unit or a wireless radio alarm transmitter, since it is required to be connected in parallel to the data-bus. Until now, with the Interceptor.

In a basis sense, think of how double-pole, double-throw telephone line seizure works.

The Interceptor is an advanced microprocessor and it electronically monitors and separates all of the field devices from the mission critical devices on the security system.

The Inteceptor is also ETL Listed to UL 1023, UL 985 and UL 365. 

I look forward to your feedback. 

Thank you. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT 

 

Hi, thanks for the message. The risco product is similar but not the same. 

https://www.riscogroup.com/products/product/6246

 

I can see where you are coming from. Rewind 4 years ago and nobody used the ODB port on a car to steal it. Now its commonplace due to the vast array of tools available. I can see no reason why the same wont be true to the databus of an alarm system.

Regarding the sirens, some alarm have a single bus and where the siren is wired via RS485 it potentially can be upset by a short / damage.

nice find!

 16). Each BUS Zone Expander creates a separate BUS branch, which is used only for BUS detectors connected to him. The separate BUS branch increases the total security of the system in case a determined BUS detector will be sabotaged

So the claim is that the on-board dialer serial device is wired in parallel with the keypad?

 

 

The claim and reality of what is integral to all Honeywell Vista Control Panels is that any equipment which is required to be connected in parallel to the systems data-bus is subject to instantly fail, if there is an accidental or intentional short on the data-bus wiring from any of the field devices, such as any of the systems keypads or any of the loop powered sensors which are also integral to the (+) and (-) power which powers the data-bus.

In-rush current attacks on the data-bus wiring is also protected by the Interceptor, as without the Interceptor, a perpetrator could TASER or connect an extension cord to the data-bus and again circumvent the alarm system.

Please see the attached schematics which are referenced in the article that Mr. Rhodes of IPVM wrote about regarding the Interceptor. These schematics were supplied by Zwirn Corporation and reflect the control panels equipment manufacturers specifications.

This is not a DACT issue per se, it is a wireless radio alarm transmitter, and other connected to the data-bus equipment issue, which on an Alarm Net radio, it is required to be connected in parallel to the data bus in order for it to operate and be able to wirelessly communicate to the Central Station during an alarm or trouble condition  

Having said that, alarm.com wireless radios are also required to have the data side of their equipment connected to the data-bus as well. The UTC Concord IV is another one of the control panels which has the same inherently dangerous vulnerability. 

The foregoing opinions are held to a reasonable degree of alarm science, technical, and professional certainty.

Thank you for your feedback.

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT

Jeff Zwirn responded to this post.  Here are his comments:

"Here is what I think is both objective, unbiased and critically important to subsume within same for your readers.

It takes no technical skill to rip a keypad off of the wall to short out the data bus wiring or an intruder can simply put the keypad in a bucket of water.

Most home and business systems do not have wireless keypads, they are hardwired and the rationale behind same is quite simple; true wireless keypads do not and cannot provide audible and visual detail like a hardwired keypad does. By way of example, installing an alpha keypad.

The feedback from the manufacturers who I spoke with, was that they would rather not let the public know about it as they are concerned with their liability and they would not put that in writing for obvious reasons. On the other hand, another manufacturer simply said that they are not entertaining any new ideas, without even appearing to look at the risk and vulnerabilities.

The primary life safety function of the Interceptor is for homeowners and their families since most fatal fires happen between 12 and 4 am and once the data-bus is shorted the wireless receiver is rendered non-functional unless it is built into the control panel and any radio that connect to the data-bus are instantly rendered non-functional.

The vast majority of wireless radio alarm transmitters that are being installed today are one-way radios (due to the higher cost differential in equipment and the additional cost of constant polling versus daily, weekly and monthly check-in with the central station) in that they (the one-way radios) can only test in daily, weekly or monthly and even if they test in the successful signal only identifies that the respective system was working at that time. Two-way radios can check in every 5 minutes, but if they fail to test in; it is generally considered a trouble condition even though it should be considered a burglar alarm signal. To fully understand the criticality of time, NFPA 72 requires retransmission of all fire alarm signals to the fire department or to a 911 communication center by the remote station within 90 seconds of receipt of these signals.

Therefore, if a fire attacks the data-bus, not only will the fire department not be notified by the remote station; but at best the remote station, to the extent that a two way radio is installed, would only consider the signal a low priority burglar alarm signal, based on a loss of communications. Equally important is that if the data-bus is attacked by fire, wireless smoke detectors and rate of rise heat detectors in the premises will not be heard by the control panel's wireless receiver in order to be able to alert the occupants of the home of the fire emergency, so they the family can escape before the premises become untenable. Notably, NFPA 72 assumes that the persons in the home can self escape from the home fire before it becomes untenable in the premises to occupy. Therefore, notwithstanding the remote station receiving the proper fire alarm signal, the occupants of the home may never hear the fire alarm sound, and all of the system keypads will not sound either."

I have been forensically examining alarm system cases and claims nationally since 1980 and during germane time periods I have investigated cases and claims whereby the data-bus wiring was either accidentally damaged by fire or intentionally damaged by an intruder.

Consequently, the alarm system failed to function and the central station did not receive an alarm system as it should have, whether it was a fire alarm signal or a burglar alarm signal which the alarm systems control panel should have transmitted to the central station.

People have actually died, because the survivors of the fire reported to me that the alarm system never sounded, and but for the data-bus being impeded, as I was able to forensically identify on-site, the central station would have received an alarm condition from the systems communications path, which was a wireless radio alarm transmitter.

Anyone suggesting that the data-bus wiring in the attic of a home or business or in the walls of the premises, will not be damaged and/or is not susceptible to fire damaging it before a smoke detector in the footprint of the home can activate the alarm system, is basing it on erroneous assumptions.

Undeniably, smoke detectors can only detect the visible and invisible particles of combustion that reach the detector, and since the data-bus wiring which is installed throughout the premises attic, and in the walls of the premises, creates a barrier from smoke reaching a common area smoke detector, the risk is not only foreseeable but it is an unacceptable danger which needs to be addressed. 

It is important to note that Veteran Alarm System Industry Attorney Micheal Revness of Kurtz and Revness, was asked to provide an independent legal analysis and opinion regarding the issues identified, as it relates to equipment manufacturers, alarm companies and system integrator's, to the extent that the data-bus wiring accidentally becomes shorted out by a fire, or otherwise, and/or to the extent that an intentional short occurs on the data-bus wiring by an intruder. Notably, Mr. Revness was not paid by Zwirn Corporation for this legal analysis or opinion.

Against the foregoing backdrop, the legal opinion letter which Attorney Revness provided unilaterally supports the criticality of the Interceptor being provided as an add-on device to any alarm system, or for the Interceptor technology to be incorporated into all control panels which are manufactured today. 

Certainly, if any member has questions regarding the Interceptor I am glad to respond either through jeffzwirn@alarmexpert.com or through this IPVM portal.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, FACFEI, CHS-IV, SET, CCI, MBAT  Zwirn Corporation

1-800-353-0733

 

 

 

 

Thanks for the comment.

Jeffery, are you claiming that the on-board dialer serial device is essentially wired in parallel with the keypad, and thus rendered inoperative when the keypad is shorted?  Or is it that the power is shunted, starving the uart/dialer from working?

No. Please see the attached documentation on the Interceptor. 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT

"...to the extent that the data-bus wiring accidentally becomes shorted out by a fire, or otherwise, and/or to the extent that an intentional short occurs on the data-bus wiring by an intruder."

what percentage of identifiable shorts were attributed to fire vs intentional shorting by an intruder?

I ask because I think you only add the 'and/or' clarifier for dramatic effect. i.e. nobody intentionally shorted any panels.

I have already answered that question in my response to another member. Please review same. There is no dramatic effect here, except what will happen if the control panel set does not have the Interceptor installed or if its technology is not part of or incorporated into the control panel.

To the contrary of any concerns about the risk, my expert opinions are based on forensically investigating cases and claims since 1980 and nationally. Be that as it may, with regards to alarm.com, Alarm Net Radios, and others; during the time that this equipment became available to the marketplace, is when I started seeing this problem with both accidental and intentional attacks on the data-bus. For clarity both of these referenced radio manufacturers provide good equipment, but this control panel defect unacceptably impairs their ability to function reliably during an emergency and in the circumstances noted. Both alarm.com and Alarm Net Radios are the respective owners of their trademarked names. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT, President Zwirn Corporation

Please look at the attached schematics. The focus is not what is connected to the phone line such as a DACT; it is when an alarm company utilizes a GSM, CDMA, or HSPA Wireless Radio Alarm Transmitter for Central Station Communications "only" for the Central Station Communications Path.

The majority of the technical community of the alarm industry is not connecting to phone lines for many reasons, including line cuts and VOIP, ergo the popularity of ALARM NET and ALARM.COM has exploded, and rightfully so. 

JDZ

Zwirn Corporation

 

The majority of the technical community of the alarm industry is not connecting to phone lines for many reasons...

I was just asking because mine does and the article talks about the system being prevented from ‘dialing out’ at the top.

Even though the industry is moving/has moved away from on-board dialers, do the boards still contain the functionality typically?

Is there any verbiage for UL installations about the protection of the databus wires? (not including keypad tamper)

Ive seen a movie/show or two that had people breaking in and disabling the system from behind the keypad but I always thought it was fake. 

Thank you for your feedback.

UL does not address and/or test for an accidental and/or an intentional short on the control panels data-bus to see if the control panel and all equipment connected to it will be negatively impacted. Clearly, if they did, the control panels referenced, and others not referenced, would instantly fail during this test methodology. Similarly, there is no keypad tamper requirement in UL 681, UL 1023 or in any UL Standard which I am aware of.

There is nothing fake with intentional attacks by the criminal element onto the data-bus wiring of an alarm system. They do not happen everyday, but this attack method has happened across the country, and the Interceptor electronically protects against this vulnerability, plus it makes the alarm system safer for data-bus wiring being impeded by fire.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

I can't speak to the alarm bus issue, but the latest building code in DC can be interpreted to require certain sections of emergency responder radio systems (emergency DAS) interconnect cabling to be two-hour rated.  One could argue this requirement should be limited to the donor antenna cable and backbone, but the code isn't clear.  In any case, code officials are thinking about fire compromising emergency systems.

That's interesting.  How is this pragmatically satisfied?  Intumescent filled rigid conduit for all cables?

Just as one would handle anything else that requires the same rating, like a typical 2-hour shaft wall or demising wall. I don't really get into specifying things like that but the most practical methods seem to be building a two-hour rated drywall enclosure around the conduits, or encase them in concrete.  

These days we use more and more  alarm panels that work over ethernet or smart-home controllers with wireless sensors. Serial communication, slow, vulnerable, non-encripted shall stay in 20th century

Jeff

I would take it that you have raised this issue with UL and ETL and that given the safety concerns, listings of the listed control panels with this vulnerability are being reviewed/ pulled? Also sounds like UL needs to modify their own standards for approval of control panels? 

Larry: 

Thank you very much for your message.

I am in the process of getting my message out and yes UL, ETL, and the NFPA have to recognize that things are getting missed by equipment manufacturers. Given that, and in my opinion, in 2018, we can do much better to make alarm systems safer, and the Interceptor and/or its technology do just that. 

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

Jeffery, if one connects a landline to the on-board autodialer, in addition to the dual diversity communicator on the databus, will this mitigate the risk associated with the unprotected databus?

For some people at least, that could be a less expensive route than the Interceptor, yes/no/?

ok, I'm going to ask the question that everyone reading this thread is apparently too skerred to ask....

"CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT"

Jeffrey, do you ever forget one of the many 'after the name' identifiers in your signatures to most of the posts in this string - or do you use a macro that automatically adds all those identifiers every time you sign off on a post?

Secondly, if most people have no idea what most of those things even mean, what is the reason for using each one of them every time you post in this forum?

 

Secondly, if most people have no idea what most of those things even mean, what is the reason for using each one of them every time you post in this forum?

Agree. 

Clearer would be :

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burlgar Alarm Technician

Though his middle initial could be expanded as well ;)

Thank you for your comments regarding the acronyms after my name. In my formal correspondence I do add footnotes to identify what the credentials indicate.

I trust that any questions regarding same would be answered by going to my company website at alarmexpert.com or by contacting my offices directly at 1-800-353-0733

Respectfully submitted, 

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burglar Alarm Technician

Jeff,

My suspicion is that people are not questioning whether you have those credentials but why you feel the need to keep displaying them. For example, you have listed them 10 times in this discussion. I think it's overkill. Also, for me, your persuasiveness will be based on the strength of your arguments presented not whether you have enough or good enough credentials.

But an alarm system with that kind of redundancy would be killer...

John I am glad to take the credentials off after my name, I truly did not realize that this was an issue.

At the same time I will never respond anonymously.   

In my opinion, the persuasiveness of the arguments should be based on the persons education, skill, knowledge, training, experience and credentials, and of course, the argument itself.  Otherwise, the foundation of where the person derives their information from may be moot and is generally not defensible. 

Surely, credentials count in the alarm industry and in many other professions.   

Best 

Jeffrey Zwirn, President, IDS Research and Development, Inc.

Surely, credentials count in the alarm industry and in many other professions.

 

Let's put aside for a moment whether credentials should or should not count. The reality is, as the response from the alarm manufacturers and many professionals on this site have been to your product, credentials do not matter enough to sell your product.

My point to you is that you should try to find ways to be more persuasive. Understand the concerns, find ways to provide evidence to overcome and convince them. I am hoping that you take this as constructive feedback because I do think you can better achieve your goals by focusing on increasing the persuasiveness of your case and marketing.

 

Thank you for your feedback. The Interceptor is selling and I look forward to my invention helping save lives and minimizing property loss.

...REALLY?  You people have a problem with someones thread signature including their credentials?

 

...is THIS where we're at in the alarm industry...that we're that jaded by someone having their credentials in their signature.

sad

 

Corbin Hambrick, ABCD, EFG, HI, JK, LMNOP

1.  My question was made in jest - but John is right... I joked about it because it seemed odd to me that he felt the need to add the identifiers every time he posted.

2.  You don't need to even 'sign' posts to begin with - we know who you are cuz your name begins each post you make.

Finally good question, so many new useless abbreviations :)

Dennis: 

Thank you for your comments. I do not consider credentials useless unless the person looking at them does not know their value as it relates to the persons recognized expertise in part. By way of example. as you probably know, SET, is from NICET for their Level IV Fire Protection Engineering Technology / Fire Alarm Systems Credential. Certainly, authorities having jurisdiction and industry professionals recognize the NICET Level IV value in successfully achieving same and so do many others. 

Respectfully submitted,

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burglar Alarm Technician

 

 

As a former home automation programmer/engineer, I have some history integrating with alarm panels.  Often this is/was done via an RS-232 interface that hangs off the alarm system RS-485 bus.  There were time when the control system could lock up the panel or put it into fault by misconfiguration or particular commands not supported by the panels firmware.  Alarm integration was always something I strongly advised the client or integrator not to do because of the life safety aspect.  More recent panels often integrate via Ethernet and are more sophisticated in their handling of integrated third-party devices but it still makes me uncomfortable.

UL and NFPA set the standards for the alarm industry, if they don't address the issue I don't see dealers doing it. There are numerous ways to compromise systems many of which are not addressed by the industry or the regulatory bodies.

Having been in the sensor business most of my career, one of my pet peeves is that sensor tamper switches are not wired in the US, its mandatory in Europe. Another is I tried unsuccessfully to get the US industry to install anti masking sensors and high security magnetic contacts, 99 percent of the dealers don't care.

So while Jeffery has a great point but how many dealers are going to install this device? Without it being mandatory not a great deal in my view. Plus will the end user pay for it I can't see a dealer putting them in for free.

Then if its not an approved accessory you can't legally add it anyway. Can u imagine a  Fire Marshall's reaction to seeing this board? Sure many don't drill into that far but I have a guy who besides being the local AHJ is on the NFPA committee that writes the standards and he checks everything.

Of course the dirty secret of our business is due to mass marketing, especially in residential systems, the installer cares little about the level of security they provide as they only want the RMR.

I wonder how long the Risco device has been out and what is its sales success rate.

Dear Larry: 

Thank you again for your feedback. The Interceptor is already ETL Listed to UL 1023, UL 985, and UL 365. I would never engineer and sell a product that was not listed by an NRTL. Further, UL 864 10th Edition is also in the works for the Interceptor. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

Larry,

"Another is I tried unsuccessfully to get the US industry to install anti masking sensors and high security magnetic contacts"

What are anti masking sensors and high security magnets and how do they work?

Anti masking sensors detect anything that is put on the face of the detector to stop it from seeing a intruder. Bosch had these.

balanced high security contacts are made by a number of companies Interlogix is one. These will detect a magnetic taped over the contact during the daytime to defeat the contact from giving an alarm when the door is opened at night. 

I certainly understand anti-masking in cameras but cannot comprehend how a NO/NC sensor can do that.

Likewise I still can't grasp the balanced high security contact and will have to research that too.  I'm guessing that you have to "calibrate" it at it's normal closed state and that it will detect stronger magnetism outside of that calibrated range?

This article explains motion detector anti masking. 

Balanced high security contacts will not always detect a magnet taped over the high security contact if their core technology uses reed switches. Once you know the polarity of the reed switches then you can easily defeat them. A compass from a box of Cracker Jacks will tell you what you need to know. Ask Magnasphere for a demo of how they defeat the Sentrol 2707A. Here is the link to video.

http://magnasphere.com/press/video/magnetic-defeat-of-a-ge-sentrol-2707a/

Even though the video doesn't show it, in order to know which way the three magnets should face, he uses a small plastic compass on the magnet that faces the contact that I think actually did come from a box of Cracker Jacks...

Not that Magnasphere needs me to do any commercials for them, but its nice to know someone has built something more secure than a reed switch. The counter point to Magnasphere is that they are a bit more expensive (ok alot more when it comes to High Security Level 2) and they have to be installed with an excruciatingly small gap, but low cost and convenience are seldom associated with real security.

I'm interested to see how the keypad and serial bus holds up to shorts with Bosch. DMP supervises their keypad and LX bus and if the system is armed and you short the LX bus then you will cause an alarm on all connected zones and if you short the Keypad bus then you will cause that keypad to stop working, but not the panel. If you short keypad power then you can take out all of the keypads that share that power from the panel, but the panel will keep right on working.

Personally, I believe with proper system design, and installing the right equipment the right way (still amazes me that so many people who sell alarm systems have never read UL681) along with proper monitoring and supervision, what this product "fixes" is inconsequential. Then again, most people who use an alarm were looking for a "free" or low cost system and have no standards or insurance requirements to be met, so they probably have one of the panels that could be defeated by shorting the data connections. 

I hate to admit it but I am one of those who've never read UL681.  I didn't even KNOW about it.  ...surprised that Texas licensing didn't mention anything about it when getting my license.  ...or at least it didn't mention it boldy enough for me to grasp that I needed to read and understand it.

I have it bookmarked and will be doing some exciting reading this weekend.

Many in the alarm industry have not read UL 681, because it relates to          UL Certificated Burglar Alarm Systems. However, it contains important information for everyone in the alarm industry who installs mainly commercial burglar alarm systems. 

Respectfully submitted

Jeffery D. Zwirn, President, Zwirn Corporation

[Disclosure: I am a rep for Bosch intrusion products.]

I'm interested to see how the keypad and serial bus holds up to shorts with Bosch.

The power line on the serial bus is protected against shorts. Points connected to the shorted serial bus go into trouble. 

Sorry I didn't see this question earlier. 

1.  Wow. I'm surprised to see the pushback here.  As a licensed security pro I take my customer's security very seriously (as if I'm protecting my own family).  I know it's probably human nature to be averse to change and I know it seems a bit of a conflict of interest for Jeffrey to not only find the flaw but be selling the fix, but this information concerns me greatly...especially since I install the Concord 4 panels--with only a few being used for fire in addition to burg.  ...and given Jeffrey's purported expertise (I've not confirm but will assume at this point it's accurate) would think people take him more seriously.

2.  Jeffrey, I have questions for you.

The alarm.com panels specify that the power (red wire) for the module be wired directly to the system battery and include the parts to do so.  Likewise when a sensor is "activated" (such as would be caused by breaking in) the alarm goes into alarm mode and waits for a valid disarm code.  If it doesn't receive a valid disarm code within the configured amount of time it goes into alarm.  I think this is referred to as smash and crash protection

So:

A. Since the modules 12v is coming straight from the battery does that negate the ability to short it as you describe?

B. Wouldn't this smash and crash feature negate the ability to get away with shorting it too?

C. I get that this only addresses half of your argument though and that a fire could still cause a problem because even though the module is powered by the battery, and could report trouble it might not be able to accurately report a fire (if the panel is being used for fire).  Is that an accurate statement?

D.  Is your assessment based on empirical evidence having done some in-lab testing to confirm what you're interpreting out in the field?

E. If so did you ever make any videos that can be shared?

It all made sense when I first read this, it made a lot more sense when I witnessed a demonstration at ISC last year.  What doesn't make sense is why the manufacturers are not including this technology n their existing products.  I can't imagine that building this in would add any great cost while providing the protection they tout..  Thanks for pointing out this serious vulnerability!

Thank you for your feedback. 

My guess is that many mfgs will start QUIETLY building it into their products.

They just don't want to admit that millions of their products in the field have this liability due to the potential litigation it would open them up to.

Not knowing or knowing about this serious control panel defect is completely unacceptable, if no one does anything about it.

Its time to make alarm systems safer and my invention just does that.  

Jeffery D. Zwirn, President, Zwirn Corporation.

Its time to make alarm systems safer and my invention just does that.

Invention.  Patent Pending?

Jeffrey,

In your piece you shared two panels that are obvious targets, and information about others.  I don't want to take the time to go look for that but other then the two mentioned Honeywell Vista and Concord 4, do you know of others that specifically are open to this potential?

Dear Mr. Hambrick:

Thank you for your support of the Interceptor and Making Alarm Systems Safer. Kindly consider the following:  

Please go to my website at alarmexpert.com to review and verify my education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials.

The alarm.com radio requires that the data portion of the radio be connected in parallel to the data-bus wiring (which is installed throughout the home or business under most circumstances), so the power for the alarm.com radio being connected to the control panels backup rechargeable battery does not change this serious control panel defect, since data for a radio without power or power on a radio without data, renders the alarm.com radio instantly useless. Given that, this mission critical part of the system will instantly fail. Imagine telling your subscriber about this system vulnerability.  What do you think would be their reaction? Indeed, this is the only part of the alarm system which is not electronically supervised in the event of a short on the data-bus, but it is the most important part, due to what is required to connect to the data-bus in parallel.

With regards to crash and smash feature, (if it is enabled) it works for the exit/entry delay door, when the alarm system is armed, and the entry door opens since the opening of the door sends a signal through alarm.com to a cloud where it is held unless the alarm system is disarms by an authorized user. If the alarm system is not disarmed, or the control panel is attacked, alarm.com transmits a signal to the central station through its crash and smash feature.  Therefore, this feature may help to protect against an intentional keypad data-bus wiring attack. However, most alarm companies who I have spoken to advise their central station to handle this signal as a trouble condition or it’s a log only event. Clearly I do not agree with this methodology.  

In any event, and even with the crash and smash detection feature, any fire accidentally attacking the data-bus wiring will instantly shut the system down and NO signal will be transmitted to Alarm.Com and/or to your central station. Please note that in order for the smash and crash feature to work, the alarm has to be activated, such as opening an exit/entry door. Despite that, fire attacking the data-bus wiring does not trigger the alarm system first.

By way of further example, let’s assume that a fire starts in an attached garage of a home and eventually burns its way into the premises.  Located in close proximity to the exit entry door is likely going to be a system keypad. Once the data-bus wiring to that keypad or the keypad itself is attacked by the fire, the system will be rendered non-functional, because all of the mission critical devices such as an alarm.com radio and an external dual diversity radio receiving unit, will instantly shut down.

Once again, and under these foreseeable scenarios, no alarm has been detected by the control panel set as of yet.  The same technical fact pattern holds true if this happens to any part of the data-bus wiring or to the power output wiring which connects to the data-bus loop in the attic of the home or if a fire attacks the data-bus wiring in the wall of the home. That said, no alarm will be activated and once the data-bus wiring is shorted out, all of the mission critical devices will instantly fail.  

  1. Since the modules 12v is coming straight from the battery does that negate the ability to short it as you describe? NO.
  2. Wouldn't this smash and crash feature negate the ability to get away with shorting it too? Maybe and if enabled, and depending on the situation. Despite that, this feature is meaningless against an accidental fire attacking and shorting out the data-bus.

With regards to my expertise and qualifications, please go to my website at alarmexpert.com to review my specialized education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials. In addition, I have been qualified by courts as being qualified in the forensic study of alarm systems

  1. I get that this only addresses half of your argument though and that a fire could still cause a problem because even though the module is powered by the battery, and could report trouble it might not be able to accurately report a fire (if the panel is being used for fire). Is that an accurate statement?

 Yes. With this in mind, you will get NO alarm or trouble signal at the central station, because the data-bus is shorted out. It is like connecting an alarm.com radio and not connecting the data portion of the radio to the data-bus of the control panel set.

  1. Is your assessment based on empirical evidence having done some in-lab testing to confirm what you're interpreting out in the field?

Yes. Furthermore, I have been forensically investigating alarm systems cases and claims nationally since 1980, being 38 years, and during the germane periods of time, I have personally witnessed alarm systems failing due to accidental and intentional attacks on the data-bus.

Please also see www.interceptorprotectedcom .

E. If so did you ever make any videos that can be shared? I am glad to upload a video or send you one. Notwithstanding the foregoing, you can easily verify my forensic finding by looking at the attached schematics and/or by setting up a Concord IV and an alarm.com radio. This equipment is good. However, with the Interceptor it makes the alarm system safer. Otherwise, each of your subscribers to an unacceptable risk which poses liability to your alarm company and to the respective equipment manufacturers. Please see the link in the IPVM article to a legal opinion letter by Veteran Alarm Industry Expert Attorney Michael Revness. Mr. Revness did not receive any compensation from me or any of my companies to provide his opinions regarding same. 

Respectfully submitted, 

Jeffery D. Zwirn, President, Zwirn Corporation

Jeff,

It looks like I have to sign up with yet ANOTHER new distributor to acquire your product.

Maybe you could get this into more national distributors to make it easy on some of us.

Balanced alarm contacts and anti-masking motion detection is industry standard for high-risk, high burglary exposure premises and in many other applications.  In addition there are also Magnasphere contacts; which are designed for high security applications and in one of their tests, Magnasphere outperformed balanced contacts, in that the balanced contacts were able to be bypassed unlike the Magnasphere products.

Please look at the Bosch product line, Potter now Amseco, plus Honeywell, are other resources as well to learn about same. 

Respectfully submitted,

Jeffery D. Zwirn, President, Zwirn Corporation

To All: 

Notwithstanding whether or not you agree that the Interceptor makes alarm systems safer or not, or if the risk is foreseeable or not, I ask the following questions and look forward to your responses. 

If you install Honeywell and/or Concord Control Panels and fire damages the data-bus wiring of the control panel set, and as a result your system fails, as elaborated to in the technical specifications which I have shared with you on the Interceptor; what is going to be your defense in a lawsuit. I ask the same question as it relates to an intentional attack on the data-bus wiring as well.

Foreseeable Deposition Questions Against Equipment Manufacturers, Alarm Company's, and their Employees who Do Not Offer and Use the Interceptor, when any of their subscribers suffer a fire loss and/or a burglary loss whereby the data-bus wiring of the control panel set is either accidentally or intentionally shorted out.

Is there any way that you could have technically protected the data-bus wiring of the Honeywell Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred? 

Is there any way that you could have technically protected the data-bus wiring of the Concord Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred?

Prior to the Plaintiffs loss, were you aware that the data-bus wiring on the control panel was vulnerable to an accidental or intentional attack, which would instantly render wireless radio alarm transmitters and external wireless radio receivers non-functional? 

How is important is reliability on a burglar alarm system? 

How is important is reliability on a fire alarm system? 

How important is reliability on a burglar and fire alarm system? 

Would you ever knowingly recommend and install any alarm system if it contained an unprotected vulnerability on its data-bus? 

Was there any product on the market either when you sold the alarm system or after you sold the alarm system which is designed to protect the data-bus wiring? 

Did you ever offer this technology to your customer before they suffered the loss in this matter? 

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

If any of these questions make you feel uncomfortable and they should, as to anyone not taking the criticality of the Interceptor seriously, or any other product that address a dangerous vulnerability and as a result, protects and/or fixes the problem, then you need to rethink you position, because these questions are just the beginning of what will likely be exposed by opposing counsel in a lawsuit against you and your company and the equipment manufacturer.

 

Respectfully submitted, 

 

Jeffrey D. Zwirin, President, Zwirn Corporation 

 

Was there any product on the market either when you sold the alarm system or after you sold the alarm system which is designed to protect the data-bus wiring?

Is there any way that you could have technically protected the data-bus wiring of the Honeywell Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred?

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

Are you kidding me, Jeffrey?

Are you working with prosecutors to insure these “foreseeable questions” are asked?

Nice technique...

I guess I'm coming from a different angle or something.  I don't get all the push back.

Jeffrey is trying to explain what he's seen in the field.  I'm taking this as him sharing what he's found and what he shares in his forensic reports that the prosecution would then be able to use to go after us.

Yes he's selling something, but do you not take this seriously or something?

I sell Concord 4 panels so I'm definitely concerned.  Fortunately I only have a few panels that have fire zones and I don't see the burglar issue as very probable since we have the smash and crash on ours via alarm.com module.

Regardless, I'm taking steps to properly inform my customers and deal with this.

Likewise I've been looking at moving away from Concords potentially anyway but this certainly adds one more reason to do so.

I guess I'm coming from a different angle or something. I don't get all the push back.

Jeffrey is trying to explain what he's seen in the field. I'm taking this as him sharing what he's found and what he shares in his forensic reports that the prosecution would then be able to use to go after us.

It’s a bit heavy handed to imply that now because you read his posts about the manufacturer defect, but didn’t get your client to sign a waiver on buying his Interceptor (referenced by name), you are likely exposed to liability.

If you do not pay attention to LIABILITY it will pay attention to you. 

The issue here is security and life safety not that I invented the Interceptor. 

Similarly, encrypted wireless is another liability whether you know it or not, to the extent that an intruder under this fact pattern can use an SDR to intercept and shut down wireless control panels that are using 1980's technology.

It would be considered an omissions case to the extent that you failed to disclose that material fact and I have been involved in being an expert for more than one litigated case regarding same. 

My goal here is to tell you what you might not know and help better protect your customers, help you minimize liability for your company and for you as well. You can disregard this advice but you do so at your own peril. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation. 

Corbin, I worked with commercial intrusion systems for over a decade before joining IPVM and I'll tell you my take on this, and why I have pushback to the Interceptor.

All of these scenarios of data bus destruction are plausible. Totally. 100% I believe could happen. If I were selling commercial systems I'd absolutely include this on a proposal and use it to show that I'm more expert than the next guy. Same reason I started using Magnasphere after talking to them. It's an extra measure of protection that could stop specific attacks.

However, my problem is that I see no evidence that these attacks are common. I have never heard anyone mention them other than in this thread. I haven't seen any sort of statistics showing how often it happens. It's like the blanket statement "Criminals are getting more sophisticated all the time", except when you read reports most burglaries are simply still someone breaking a window, kicking in a door, etc.

So I think it's heavy handed to claim that every system needs this without that information. If it's true, back it up with stats showing how common it is. But if it's, let's say, 5 incidents out of every 10,000, you're increasing system cost greatly (burg panels are cheap!) for a 0.05% chance.

It's the same reason the industry hasn't switched to all balanced contacts or Magnasphere. Because the number of incidents in which an intruder used a magnet to defeat a contact are small. They may be high profile because of their sophistication and rarity, but still small.

I won't knock anyone taking steps to inform their customers that this is a possibility and selling the Interceptor. I just want to see the numbers before agreeing it should be a ubiquitous device.

Ethan: 

Thank you very much for your feedback. Just because you are not familiar with something, does not mean that it can be disregarded. The risk is real and in 38 years of forensically investigating alarm systems nationally I do not need stats to help save lives and minimize property loss. Similarly, stats will not negate your liability, nor can they save your customers life or their property    if there is an allegation that your alarm system failed under the fact patterns presented. Are you saying that your defense is going to be that you have no liability because the statistics protect you?  Please do not be that person or get legal advice before you take that untenable position. 

If you knew tonight that an intruder or a fire was going to happen in your home you would do everything in your power to protect your family and your assets, but of course we cannot put any stats on this potential to determine if we are next, and if the alarm system fails, as I have seen time and time again under this scenario the risk is extremely high to you and your company.

 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

Jeffrey,

To this point I have just tried to lighten up the thread with jokes that only I find funny I am sure... but I think that Ethan posted a very reasonable and well-supported position statement regarding your claims.

...and yet you continue to (effectively) use the same marketing tactics that door-knocker alarm system sales teams use when showing all the local houses that have been broken into on their maps that they immediately display if they get someone to open the door.

I also agree with Mr. Karas that you might benefit from a professional marketing provider.

Why haven't you approached the regulatory side with your life-saving invention?  Or have you, and they yawned?

I am all for saving lives - and if your invention (that you are understandably passionate about) is the critical missing piece from commercial and residential alarm boards, then why don't you try and license your (patented?) invention to manufacturers?

Thank you very much for your feedback. The Interceptor has been well received and the process has been on-going to currently sell the Interceptor and license the technology.

In addition, this process includes educating AHJ's and other entities about what the Interceptor does, and why it is so mission critical for alarm systems.

As to my input in this forum, it is to be responsive to all comments.

The Interceptor is listed by ETL and is patent pending.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

It is common practice for forensic experts to assist counsel in their questioning of deponents. No kidding. This is equally important for both Plaintiffs and Defendants who I have worked with since 1980, including a profusion of alarm companies and equipment manufacturers who have retained me. 

Having said that, the salient point is can you answer the questions? 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

Can you provide one actual case where an Integrator was found liable for a databus failure?

Thank you.

Answer, I am aware, it was not an approved option by the manufacturer who listed this system in accordance with UL as appropriate. It is still not an approved option by the manufacturer and yet the system is listing by the national test lab without this device, for the intended purpose I sold and installed it.  The addition of this device may have voided the warranty of the original system. 

That is not the issue at all. The Interceptor is ETL listed to be connected to any control panel which is UL 1023, UL 985 and UL 365. I know I serve on 22 UL technical committees and received my first UL Listing in 1984.

Plaintiffs Lawyers are already very well equipped to focus on foreseeability questions.

Foreseeable Deposition Questions 

Why are these "foreseeable"? Do you think a court would accept that databus failures are so common and foreseeable that alarm installers should consider them to be an almost expected point of failure/weakness?

Also, should installers be expected to offer the customer every conceivable form of additional protection? What about using armored cable, heavy gauge cabinets, etc?

When many installers do not even put EOL's at the end of the line, and do not seem to face legal liabilities for it, why is it "foreseeable" that they will have been expected to be aware of your product and accept that it should be offered? 

How are these alarm panel manufacturers staying business, and avoiding liabilities, for so many years without addressing this issue themselves? It is not like they could not solve the problem in the panel if they wanted to, but the additional cost is seemingly not justified. 

 

Brian:

In follow up to your question kindly find the following: 

When many installers do not even put EOL's at the end of the line, and do not seem to face legal liabilities for it, why is it "foreseeable" that they will have been expected to be aware of your product and accept that it should be offered?

Under separate cover I forwarded an article to you that was published about one of my forensic cases in Security Sales and Integration Magazine, whereby a woman was murdered when her alarm system failed as a result of an end of line resistor not being properly terminated. 

Kindly post it for all persons to read. 

It is foreseeable that both normally closed and normally open protective loop circuits can become impaired and regardless of whether this was accidental or intentional, without properly employing an end of line resistor (EOLR), the alarm system will “appear” to function, when in actuality the system is dangerously impaired.

It is foreseeable because this serious defect and methodology has been happening  (losses as a result of improperly terminated EOLR’s) ever since we went from double circuitry to EOLR supervision. Further, the equipment manufacturers require that all End of Line Resistors be properly terminated at each of the respective zones of the alarm system.

EOLR supervision is required as part of the UL Listing of the product and for fire, all normally open circuits shall be electronically supervised using end of line resistor supervision as well.

Therefore, equipment manufacturers of alarm systems across the US and around the world, have recognized the criticality of requiring that end of line resistors be terminated at the end of each protective loop zone of the alarm system, and both UL and ETL, who are both nationally recognized testing laboratories, require electronic supervision on all alarm systems too, since both normally closed and normally open protective loop circuits can foreseeably become impaired.

Alarm contractors and system intergrator's have certain duties and if anything makes an alarm system safer, this information becomes very germane especially after a loss to the extent that someone does not offer and/or provide same. This applies across the board to alarm technology and is not at all limited to the Interceptor technology.

Look at ADT's contract which states in pertinent part that essentially ADT has offered the customer the full range of equipment and services available and the customer made selections based on what was offered (This is not verbatim). Why do you think that this language is on the front page of the ADT contracts? 

Respectfully submitted, 

Jeffrey D. Zwirn, Zwirn Corporation 

 

 

 

 

To All: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

I ask the following questions and look forward to your responses...

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

If any of these questions make you feel uncomfortable

The "you may be liable unless you offer your client my product" line may be the most amazing sales pitch ever. You may be forgetting that you sell the Interceptor and ergo such a recommendation is an inherent conflict of interest.

That noted I do think there is a worthwhile general point. What risks do you need to disclose to your customers? There are obviously lots of risks out there, how likely do they need to be for you to have to actively and specifically enumerate them to customers? 

 

John: 

Thank you for your feedback. My responses are listed below 

The "you may be liable unless you offer your client my product" line may be the most amazing sales pitch ever. You may be forgetting that you sell the Interceptor and ergo such a recommendation is an inherent conflict of interest.

What I have forensically identified and what I offer to alarm professionals is not a sales pitch and it is also not an inherent conflict of interest, it is a technical way of helping the industry better protect their customers, and to help minimize their liability as well.

Surely, there is always going to be a cost for providing a solution. 

Please remember that I have been forensically investigating alarm systems for 38 years across the country and testifying to juries and judges as well during this time period.

Given that, my opinions for both plaintiffs and defendants alike as to identifying responsible parties and helping to minimize liability and risk, have been part of my core competence for almost four decades.

Against the foregoing backdrop, I have specialized and unique education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials which are extremely germane to what I have forensically seen first hand, and know has happened, and what I know will continue to happen, ergo, that is why I designed the Interceptor. 

At the same time, if you want to call educating persons about something that has not been recognized by the alarm industry and that will help make alarm systems safer 100% of the time, as to accidental and/or intentional shorts on the data-bus and/or its wiring, and that will help minimize loss to subscribers, and risk, to the alarm company and equipment manufacturers as well, it is certainly misplaced.

Just because I invented and sell the Interceptor, does not make my recommendations a conflict of interest. In other words, if there is another product that does what the Interceptor can do and does not infringe upon my patent, than your readers can certainly seek the product out. However, there is no such product, but the risk remains.

My information about the Interceptor provides the reader with knowledge that most persons do not have, as to this serious defect, and as to what my product does. If your readers want to disregard my opinions and those of Attorney Revness, and other experts, than they do so at their own peril. Despite the foregoing,  the risk remains, and now for the very first time my invention provides a solution. I think that all products which make a product safer should be applauded.

Honeywell makes both un-encrypted wireless, and encrypted wireless control panels now. When Honeywell started marketing their encrypted control panels, that was not a sales pitch in my opinion, it was about educating their customers as to the safety and security benefits of wireless encryption over their un-encrypted wireless that they still sell to their customers. Similarly, it was certainly not a conflict of interest. 

The information which IPVM looked at, is not just about the Interceptor, it is really about any product that makes technology safer, and more specifically, alarm systems safer.

By way of yet another example, when Uplink came out with a cellular wireless radio in order to help enhance central station communications and eliminate the risks associated with a DACT, it was not a sales pitch, it was a way to make alarm systems safer, and it certainly did just that.

Furthermore, if an alarm company does not offer a radio as part of their security recommendations to a subscriber, and an intrusion occurs, whereby the intruder cuts the premises phone lines, and the alarm system fails to be able to transmit alarm signals to the central station, there have been many cases where the alarm company was found to be liable; for NOT disclosing to the subscriber the vulnerability of telephone line based central station communications. 

That noted I do think there is a worthwhile general point. What risks do you need to disclose to your customers? There are obviously lots of risks out there, how likely do they need to be for you to have to actively and specifically enumerate them to customers?

Notably, the first thing an alarm company needs to do is to get professionally drafted alarm contracts, in order to help minimize            their liability.

Believe it or not, many companies today still do not use alarm company contracts that were professionally drafted by a lawyer who specializes in the alarm industry. 

In my opinion, all alarm company documentation needs to include yes and no questions with boxes that a customer can accept or reject. Certainly this is commonplace for many industries, such as companies like Avis and Hertz that offer their customers full coverage insurance and other products that minimize out of pocket expense in the event of an accident and they also offer a customer more coverage for liability as well.

In the alarm industry yes and no questions may include additional smoke detectors, yes or no, CO detectors as to the customer being willing to buy them, yes or no, and of course, wireless radios of either the one-way or two-way type, yes or no? 

Coming full circle, no alarm company contract can ever be expected to protect an alarm company under all circumstances, and the same holds  true no matter what an alarm company does or does not do.

That being said, everything that an alarm company selects and installs, and the methodology of how they design, install, and monitor an alarm system,  plus the way in which they train and/or supervise their employees is mission critical. 

 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

...there have been many cases where the alarm company was found to be liable; for NOT disclosing to the subscriber the vulnerability of telephone line based central station communications.

Can you provide a few of those actual cases? 

Thanks!

Many of the cases are subsumed in the Alarm Science Manual, which is a peer reviewed book that was written by me in 2014. Notably, I do not mention the Interceptor in the book. 

In the litigated cases, once they settle there is a confidentiality order that is required by the settling party. To that end, I can never disclose the name of the alarm companies and/or their insurers who had to pay for judgments or to settle the litigated matters.  Professionals in the alarm and security industry are aware of these cases and I am as well, especially when I am retained as the alarm companies defense alarm expert witness.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

In the litigated cases, once they settle there is a confidentiality order that is required by the settling party.

Do you know of any cases that you were not a witness?

Sure, but they too are bound by confidentiality agreements. 

Sure, but they too are bound by confidentiality agreements.

How does someone else’s confidentiality agreement bind you?

In any case, the original complaint itself would be public, no?

As long as you are not revealing any private information about the case or award, why can’t you merely indicate the public record of the case?

All of the experts are required to sign confidentiality and non-disclosure agreements as well. The rationale of counsel is quite simple, they and their clients do not want the experts using what they learned in the subject case for another case in the future.

Other records which are produced through (RFP) request for production discovery, also get protected by a confidentiality and non-disclosure agreement as well, of which, is subject to court action if it is breached.

With all due respect, it is similar to responding in an undisclosed manner, the information about you etc, will not be provided. In the litigation world, there is much more at stake and many more persons involved. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

Jeff, please stop ducking. You don't need to give confidential information. All you need to do is list court case numbers for cases that are related to the vulnerability you describe. And such things are public record, e.g., PACER.

John:

This enforcement of the agreements are crystal clear. This is not a game; the court can find a person in contempt and there is no ducking.

To the extent that you want to scour Pacer please feel free to do so. 

I will not be involved in breaching the agreements which I signed and am bound by.

IPVM holds the confidentiality of its undisclosed members above all, which as you know, I strongly do not agree with.

On the other hand State and Federal Courts are the law and I am legally bound to comply with same. 

I will not debate this topic with you any longer. I have been completely responsive and if you do not like the answer; that is the law, and there is no way and no how that I am going to breach it for any of IPVM's disclosed and/or undisclosed readers.

I trust that you would never breach any of the confidentiality agreements which you sign, especially when the court is involved directly with their enforcement.

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation 

 

Jeff,

No one is asking you to disclose anything confidential. That a case exists is not confidential. Just simply share the case number(s).

John: 

No further information will be provided. That is why they call it a confidentiality and non-disclosure agreement.  Everything about these cases are CONFIDENTIAL. Please move on.  

 

Respectfully submitted, 

Jeffrey D. Zwirn, President, ZWIRN CORPORATION

I trust that you would never breach any of the confidentiality agreements which you sign, especially when the court is involved directly with their enforcement.

Jeffrey, I specifically asked you if you knew of any cases you weren’t involved in.  

 

John: 

I have already provided information on some of the cases and where they occurred in this email string. Company names have been and will remain omitted. 

Please read the other comments that I have made in my email communications.

Please read the other comments that I have made in my email communications.

Thanks, I will.

How do I get access to your email communications?

It is not my email communications which I was referring to, it is this string of communications. If you want to get a sampling of the forensic cases which I have been involved in look at the Security Sales and Integration Magazine website and type in my name, as they have written about many of my forensic cases and I have also authored articles as well. However, please do not expect to find the Plaintiffs and Defendants names in these articles.

Respectfully submitted

Jeffrey Zwirn, President, Zwirn Corporation

The case I just posted is one example of what I have been informing all IPVM members about.  Under separate cover, I will respond to your other request. 

That being said, I have learned a lot about the forensic study of alarm systems in the past 38 years. I trust that all IPVM members will recognize that this case resembles a multitude of others, with both class action claims and Plaintiffs claims.

Different alarm companies and different fact patterns but this type of litigation has been happening for decades and is not going anywhere. 

One of my goals from the beginning of my career was and is to help all alarm companies and equipment manufacturers better protect their subscribers and their respective companies from liability. Notably, this was long before the Interceptor was invented and after same, and whether or not persons use the Interceptor technology, I will always continue to these efforts.

To that end, I have been training the technical community of the alarm industry for over 30 years. Part of my training has always been to teach attendees ways to help limit alarm company liability. My newest class is called Extreme Alarm Science Boot Camp. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

Just because I invented and sell the Interceptor, does not make my recommendations a conflict of interest

Yes, it does. And your justification of why it is not one is actually proof of why it is one.

A conflict of interest, as explained by the OECD, "occurs when an individual or a corporation (either private or governmental) is in a position to exploit his or their own professional or official capacity in some way for personal or corporate benefit." This is cited and discussed by the ACFE, one of the groups you list in your certifications (see Conflict of interest GATEWAY TO CORRUPTION).

You have a professional capacity where organizations count on you to recommend solutions and evaluate risk (e.g., you tout "forensically investigating alarm systems for 38 years across the country ", "my opinions for both plaintiffs and defendants alike as to identifying responsible parties").

Now you are using that professional capacity to sell your own solution, The Interceptor. You are leveraging your capacity in one form (guidance) to gain in another form (product sales, patent licensing).

To be clear, just because you have a conflict of interest does not mean you are wrong in your recommendation. But you seriously need to recognize that you have an obvious conflict of interest and take steps to show evidence beyond your own experience.

So my positive recommendations:

  • What and how many cases can you provide where an alarm company was successfully sued for the problems The Interceptor aims to solve?
  • Who and how many other experts (who are not compensated by you) recommend deploying The Interceptor?

 

John: 

This is a follow up to my last communication to you. Can you be fully responsive to the totality of my comments? 

Thank you very much. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

John: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

Jeffrey,

Do you have any data of the lawsuits say within the past 3 years or so?  ...and of that data does it show who ended up paying the price for the liability?

Mostly I'm curious if any manufacturers have had to pay out in any lawsuits, and what percentage of the damages paid came from manufacturers vs. distributors vs. dealers.

Of course a affirmative defense is that the regulatory bodies of our industry do not require data bus protection.

why not ?

to the point just made there are many other ways to defeat security systems how far do we have to go. At some point the cost of the system exceeds how much the customer is will to pay. 

"regulatory bodies of our industry do not require data bus protection"

case dismissed

Larry: 

Liability in forensic cases is not limited to codes, standards and regulatory bodies or to other ways that an alarm system can be defeated.  Please review the legal opinion letter from Attorney Revness which is referenced in the IPVM. article. There are also duties and inherent safeguards and omissions issues as well, but that is not all. 

Mike Revness is legal counsel to the NJ Electronic Security Association and to the Pennsylvania Burglar and Fire Alarm Association. He has represented companies as far back as when Security Link was in operation at its peak.

Interestingly, I have not seen one response from any alarm industry attorney who disputes Attorney Reveness's legal opinion letter about the Interceptor. 

Similarly, many of the persons responding are not willing to disclose who they are, which to me makes their comments suspect. In other words, if a person has an opinion that is opposing or not, they should disclose who they are, then we can see what standing they have to support what they posit, besides their mere words.   

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

I have not seen one response from any alarm industry attorney who disputes Attorney Reveness's legal opinion letter about the Interceptor.

How many total attorneys have publicly responded to Reveness's legal opinion letter? Please share links to those responses or least their names and we'll be happy to check and update the post with that.

Thank you John. No one to date has disputed Attorney Reveness's legal opinion letter and it has been widely publicized. 

"Similarly, many of the persons responding are not willing to disclose who they are, which to me makes their comments suspect. In other words, if a person has an opinion that is opposing or not, they should disclose who they are, then we can see what standing they have to support what they posit, besides their mere words."

This is a well-worn (and in my opinion, as someone who posts Undisclosed a lot here) and uneducated position taken by posters here at IPVM.... or at least by those that are able to post what they think (without any potential repercussions to employment status).

You can 'suspect' my comments based on my Undisclosed status all you like.... however, I was hoping that you could just defend your own position without casting aspersions at those that don't possess the same luxury that you do, to post everything under their own name.

I cast aspersions on any person who comments in an anonymous manner. You do not have to agree, but this is disconcerting and is not the way I operate forensically or in any other forum. Anonymous is not well worn in the forensic world. It is unacceptable.

People in the industry that have expertise do have the luxury to speak their minds, and do just that, and this happens whether they are an employee of a company or not. I would like you to explain why you do not have the luxury to disclose who you are, so all of us could understand same. 

How could a credible and defensible opinion cause "potential" repercussions to employment status. 

 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

Because, right or wrong, many organizations have strict policies against posting on social media using the employee's own name.

Good point. But in the organizations that I am a member of and/or serve on their technical committees such ASIS International, ESA, CSAA, NFPA, UL, ASCET and SIA, we do not operate under a veil of secrecy, nor would it ever be acceptable to act in any forum without disclosing who you are.

Any suggestion that any and/or all of these organizations are wrong in what they do regarding same is simply erroneous.

Undeniably, each of these organizations are authoritative and IPVM should consider following their recognized practices. If not, then the weight of the anonymous will always be suspect and considerably less than important then someone who posts their name and their background.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

NOTICE: This comment has been moved to its own discussion: Do Not Operate Under A Veil Of Secrecy, Nor Would It Ever Be Acceptable To Act In Any Forum Without Disclosing Who You Are.

I'm okay with judging an argument on its merits and not on its presenter. 

How could a credible and defensible opinion cause "potential" repercussions to employment status.

Maybe he works for you ;)

Anyone who works for my companies is able to speak their opinion to me and/or on a site such as IPVM. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

Larry:

You wrote that "regulatory bodies of our industry do not require data bus protection" and you also added in a 4 second video clip.

However, from a legal perspective this does not dismiss the case. Once again I direct you to Attorney Revnesses legal opinion letter on The Interceptor.

To further support my position as to what creates liability, or not; many national alarm company's have been successfully sued for failure to disclose that their wireless alarm systems were not encrypted. Clearly, "regulatory bodies of our industry do not require that wireless alarm systems be encrypted" so your point is not defensible. Moreover, I defer to alarm industry lawyers, like Attorney Revness. 

Please remember that every case has a different fact pattern so you cannot take a one size fits all approach to risk and liability, and then try to hide behind what regulatory bodies do and/or do not do. I have forensically represented hundreds of alarm companies. One last example for brevity is what they require in the State of New Jersey whereby in the licencing laws it states in part that; no alarm company can do anything which endangers the welfare, safety and heath of their customers. (not quoted verbatim). This is not just about selling and/or licensing the Interceptor, it is about making alarm systems safer and any product that does just that should be supported.   

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

"One last example for brevity is what they require in the State of New Jersey whereby in the licencing laws it states in part that; no alarm company can do anything which endangers the welfare, safety and heath of their customers. (not quoted verbatim). "

Is this is a joke?

You are conflating a positive action (doing anything that endangers the welfare, etc...) with negligence.

They are not (legally) the same thing (imo*)

*IANAL

In the State of New Jersey, alarm contracting licensing laws are a statutory duty. This is similar to other states which have alarm contracting licensing laws as well. There are also violations which can be initiated against an alarm contractor through its acts of gross incompetency as well as negligence and gross negligence. Obviously, the goal of an alarm contractor in part, is to comply with its duties and to help minimize its risk and liability.

That being said, I am one of the instructors in New Jersey who is approved by the State to teach the alarm contracting licensing laws course and I have done just that, so I have subject matter expertise in this area.  Notably, I am also a Certified and Licensed Alarm Contractor as well.

With this in mind and in any event, there is no confusion on my part. 

The liability applies to any product which you select and install as an alarm contractor and to other actions and inactions of an alarm contractor.

Again, unless you have subject matter expertise in these areas I would not expect you to understand the concepts which are commonly litigated against alarm companies. Conversely, since 1980 I have been retained as an alarm expert for defendant alarm companies across the country.

It would be helpful if you disclosed who you are and as to your alarm industry background, if any, and as to any forensic expertise, if any,      and if you are an instructor in the State of NJ, and if you are a Certified and Licensed Alarm Contractor in NJ or in any other State so all readers could see what in your background supports your comments.

To the extent that you are an employee of a company, I cannot see how disclosing who you are could ever put your job at risk.   

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation. 

 

 

 

 

 

 

 

 

 

"To the extent that you are an employee of a company, I cannot see how disclosing who you are could ever put your job at risk."

well then, this just supports my personal theory that you are somewhat tone-deaf in certain areas outside of your personal (and credentialed) field.

I am unable to post everything I personally believe because I work (in a really low position) for a very large multi-national company.  And one of the tenets that I like to personally observe is that one must never cause harm to one's employer.

Because I am not privy to everything related to my companies position on everything, I am not free to post my own personal sarcastic comments (that I REALLY want to be able to post in response to most of your comments) - because anyone further up in my corporate food-chain could take my comments in a different way than they were intended.... or maybe even, my words were received in the way they were intended - and it still offends them somehow.

I am not willing to take that chance - even if others, like you, disparage me because of my posting as Undisclosed.

As many - besides me - have pointed out, your go-to move in the entire string is objectionable.... even with the understanding that you are passionate and a true believer in your product.

Fear is what door-knockers use to convince suburban housewives to buy their 5-yr monitored alarm contracts.  You should understand this and position yourself - and your invention - above this threshold.

You are doing a disservice to your own success by being the front man for your invention.

BRK had it right from jump street.

If you are in a low position in your company your opinion still counts. However. a low position would tend to indicate that you have limited experience. This is not about fear it is about reality. In any event, I must dispute what you posit.  As to you being unhappy that I am the "front man" of my invention, are you suggesting that I should use someone with less knowledge and experience, so someone can say that the person trying to educate about the Interceptor only has limited experience? I think not.  

What have you invented and how many patents do you have Undisclosed #3? 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

Jeffrey,

You are a far more credentialed person than I will ever be in my lifetime... even if that were my goal.

You can continue to create paper tigers in your rebuttals - while avoiding all the things that lots of people here have commented on regarding the 'need' for your product.

I hope you achieve what you are looking to accomplish... I really do.

But I am done debating ideas if all you can fathom is your own (credentialed) perspective.

Peace be with you, and keep fighting the fight.

So Jeff have you designed your wonder board to protect itself and the alarm panel from a HPM or TED attack? If not why not?  Under New Jersey law as you explain it you are negligent for not doing so. BTW I can tell looking at your circuit board you have not done so. 

Larry:

Thank you for your feedback. You are not looking at this from a legal perspective and as to liability.  Therefore, please review the legal opinion letter from Micheal Revness which is attached to the IPVM article. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

 

 

Jeff

I have a great deal of experience ( sadly) with the legal system having run major manufacturing corporations in the this industry. Yes I look at everything from a legal and technical perspective.

A parallel is the automatic door industry where we made motion sensors and safety beams and got sued on the average of once a month for twelve years. In every case, that actually went to trial ( very few) the court fell back on ANSI standards which applies to the automatic door operation and technology.

In this instance, UL nor ETL or NFPA ( or Cal Fire Marshall) standards require a manufacturer to use special protection of the data bus. Honeywell, whom I ran a division for is VERY overly cautious to not get sued,. yet according to you they are shipping unsafe products. As I am a Honeywell dealer I have yet to see a tech bulletin on this subject recommending anything. Why not? What has Honeywell told you about this subject?

ADT has a few million Honeywell panels in the field what is their position on this issue?

Others have asked you:

How many cases have there been with losses to the manufacture or dealer due to data bus damages? You seem to not want to address this question????

What about all the other ways a security system could fail or be compromised of which there are many?

I just discussed this with my former corporate attorney and he has a different opinion than your guy. You line up 10 attorneys and asked the same question your going to get ten different answers. My legal conclusion, after doing a lot of talking about this, is if we use equipment approved, and installed by industry standards, by the regulatory bodies for our industry then you are not going to be held at fault. 

Even in the VERY unlikely event you were found at fault and then you have a Kirschenbaum contract which limits your liability.

When I think about the fire alarms I have installed, its going to be extremely unlikely the data bus will melt before a multitude of detectors give an alarm. One of the great reasons we put a smoke detector over the fire panel.

I must say I agree with John Honovich, you do a have conflict of interest and appear to be trying to scare everyone into using your product. But please answer his questions they are legitimate ones.

 

 

 

Larry:

Thank you for your feedback.

We agree to disagree. 

As to me educating the industry on my invention, which was a direct result of my forensic investigations nationally, what would your idea look like as to how it should be presented? 

There is no conflict of interest here, since the person receiving the information knows who invented it, and knows what their background is. Others in the alarm industry should present their products with the same transparency. Please see what one of the most respected global engineering, construction and project management companies states in their conflict of interest requirements

About Bechtel

Bechtel is one of the most respected global engineering, construction, and project management companies. Together with our customers, we deliver landmark projects that create long-term progress and economic growth.

Bechtel has established a process to review and prevent actual or apparent conflicts of interest. It provides requirements for disclosing potential conflicts of interest and the process for obtaining a conflict of interest review. It applies to all Bechtel organization and entity employees, contract labor, consultants, and others acting for the company.
 
Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

 

Larry: 

Please consider when a company installs listed versus non-listed alarm system equipment such a siren driver that is not listed or a relay that is not listed to save money, or out of ignorance.

Is it ever acceptable to allow profitability of a company and/or an equipment manufacturer and/or a central station, to override the safety and security of a subscriber to enhance their profits?  Of course it is not.

I design and install alarm systems correctly and I am unilaterally consistent with this methodology in the training that I have provided and continue to provide to the technical community of the alarm industry and in my peer reviewed book, the Alarm Science Manual. There are many peer reviewers of my book, which include, but are not limited to industry legend Ralph Sevinor and legal legend for the Alarm Industry Lessing Gold.  I am glad to send you a copy of my book if you would like to read it.

I do not know of any special protection that the Honeywell equipment has on its data-bus. Please elaborate.

The technology now exists to make many equipment manufacturers control panels safer, and if my technology was integrated into their control panels, it would accomplish that task as it relates to the control panels data-bus vulnerability. The costs would be minimal as well.

Think about it, is there any other part of an alarm system that is not supervised, except for the data-bus? The short answer is NO.

By way of example: AC input- Supervised; DC Battery- Supervised; Normally Open and Normally Closed Circuits- Supervised; Audible Indicating Devices- Supervised; Automated DACT and Wireless GSM Radios- When Monitored properly shall be Supervised by the Remote Station or Central Station.

If someone else has another invention to make a control panel safer, or any other part of a security system safer, I would not wait to blink if the technology worked as represented and yes the subscriber needs to be informed and charged accordingly.

Before the Interceptor was developed by me, there was no technology to address the Honeywell and other control panels vulnerability on their data-bus; so since the Interceptor was invented, it is germane as a solution.

The same rationale holds true as to encrypted wireless now being available from Honeywell. 

Equally important, when Honeywell offered their Lyric control panel and promoted its advanced features, was it wrong for them in your opinion to market their advancements because I do not see any difference. Without question, Honeywell's encrypted wireless is much more secure and makes the Honeywell products much safer. When have you ever heard of a successful SDR attack during a burglary on a non-encrypted wireless alarm system. 

It has happened but compared to the data-bus vulnerability from fire and intrusion, and the Interceptor, it is far removed from the same level of foreseeability. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

Larry 

A fire starting in an attic that attacks the data-bus is not going to be detected by a smoke detector nor would a smoke detector above the FACU be able to detect same either.

The Interceptor like many other alarm products, such as the Invention of Cell Units for Alarm Systems and CO Detectors under UL-2075, are designed to make alarm systems safer. It is not about scaring anyone, it is about trying to address a vulnerability that before now was not addressed. Remember the first generation of CO detectors without end of life warning and no trouble contacts if its electrochemical sensor prematurely failed?  

Kens contract is excellent, but no alarm contractor can expect that their contract or even Ken's contract, will always protect them no matter what they do and/or do not do. I hope that you are not suggesting otherwise. 

I would not expect that Honeywell would send out a technical bulletin on the issue at hand, and just like you, my company provides Honeywell equipment to customers, but when the non-encrypted wireless claims started to be filed against national alarm companies, for both the alarm dealers and equipment manufacturers failing to disclose to their subscribes that their wireless system was not encrypted, I still never received a technical bulletin; so I do not think it is an understatement to posit that getting or not getting a technical bulletin is a save all to create or minimize liability. 

If you have a lawyer that is willing to put something in writing I would surely like to see it. Given that, if you talk to ten lawyers you will get many different opinions, that is why I wanted  to see a legal opinion letter in writing and from an alarm industry lawyer as well; not a generalist. Similarly, in a litigated there is always an argument between the two parties, ergo that is generally a condition precedent as to why suit was filed.

A Defendant can always try to argue anything, but if someone dies or is seriously injured or suffers a loss, due to an accidental or intentional data-bus failure, it defies logic that any alarm contractor and/or any equipment manufacturer would not want to help protect their subscribers.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

Your making an assumption that my fire alarms do not have attic protection and you are wrong, as they all do. 

Honeywell claimed for years they had encryption on their wireless albeit maybe not good enough. 

I must say having manufactured and sold hundreds of thousands of alarm panels to dealers worldwide I have NEVER heard of a data bus failure. I have heard and seen many failures due to hardware and software bugs. Does your invention inject a supervisory signal through all the components of a alarm panel to supervise for component failure? 

What are we as an industry doing about jamming of GSM radios ? I have seen this failure mode as well. Depending on when the supervisory signal is set for and transmits it could be almost 24 hours to know it has failed. I think the weakness in the GSM transmission technology is much more common than data bus failure. The cable to the external antenna is not supervised either. 

Larry: 

You asked the following question.

How many cases have there been with losses to the manufacture or dealer due to data bus damages?

I have been involved in literally hundreds and hundreds and hundreds of cases since 1980 and yes the equipment during certain time periods was different than it is today and so was the technology. Therefore, something had to be done, so I invented the solution and now it is more important than ever, as there are such a multitude of devices which are required to reside on the data-bus, it is remarkable and in my opinion foreseeably dangerous.

You also stated that; In this instance, UL nor ETL or NFPA ( or Cal Fire Marshall) standards require a manufacturer to use special protection of the data bus. 

I think what you point out here resonates with what my concerns are today with the data-bus vulnerability on many popular control panels.

One final note, the litigation and the forensics of experts today, including myself, are vastly different then when I first testified in 1980, so it is mission critical that both alarm dealers and equipment manufacturers use their best efforts in helping to best electronically protect their subscribers before any type of loss occurs. 

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

 

 

Apparently posting as Undisclosed reduces liability as well.

Anyone who wants to makes comments in an undisclosed fashion and wants to hide behind the fact that they could lose their job if they disclosed who they are, should state so in their comments with specificity.  In other words, mere words without a background of who these people are, as to their education, skill. knowledge, training and experience is very troubling to me. 

In fact, I have not seen one comment whereby the undisclosed person has stated why they believe that they need to be undisclosed.

Conversely, in the litigated cases which I have been forensically involved in since 1980, no one who remains anonymous can testify, nor can they be deemed credible, nor would a jury or court ever hear any of their opinions.  I think that IPVM should recognize the value of transparency and full disclosure.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

 

 

 

 

 

Jeffrey -

The rationale behind Undisclosed posters has been "asked and answered" repeatedly in the past. Undisclosed posters are not "hiding", it is a feature of IPVM that was added due to user demand and practical requirement.

Questions asked as Undisclosed are not any less valid then those asked by people disclosing their real names. When and if a person attempts to use Undisclosed to hide some personal interest, affiliation, or conflict of interest, in a topic, we call it out appropriately (not disclosing their name, but making other commenters aware of the conflict/association).

You can be assured that the IPVM admins are aware of the identities of the Undisclosed posters here and that you should consider their questions no less valuable, or suitable for response, than any other questions.

Conversely, in the litigated cases which I have been forensically involved in since 1980, no one who remains anonymous can testify, nor can they be deemed credible, nor would a jury or court ever hear any of their opinions. 

Should IPVM ever branch out into being a court system, we will keep this advice in mind. For now though, Undisclosed posts are as credible as any other post.

Brian:

I strongly dispute that you have "asked and answered" anything about allowing persons to post as Undisclosed. As you know, I am not the first and will certainly not be the last person to question same.

Think about it, UL, FM, CSAA, NICET, SIA, CSAA, NFPA, ESA and ASCET have never followed this "rationale". Are you truly saying that all of these organizations with probably millions of users are wrong? 

User demand and practical requirement are never a replacement for transparency. 

Undisclosed persons are grossly less valid than persons who disclose who they are

 

I appreciate what IPVM does, but allowing persons to comment anonymously is not helpful at all, nor is it fair to persons who disclose themselves and take full responsibility for their respective positions.

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

I appreciate what IPVM does, but allowing persons to comment anonymously is not helpful at all...

I assume you can see, but choose to ignore the irony here; namely that anyone that would actually be concerned about being asked:

Would you ever knowingly recommend and install any alarm system if it contained an unprotected vulnerability on its data-bus?

would be better off not being named in a discussion regarding the same.

Also, considering you seem quite interested in the identity of the posters here, were something unfortunate to happen involving one of them, you might even remember their name and be able to add your direct testimony:

Given that, my opinions for both plaintiffs and defendants alike as to identifying responsible parties and helping to minimize liability and risk, have been part of my core competence for almost four decades.

...is common practice for forensic experts to assist counsel in their questioning of deponents. No kidding. This is equally important for both Plaintiffs and Defendants who I have worked with since 1980...

In short, if you are right about the risk, why should anyone make on the record statements?

Thank you for your feedback. When I identified the problem I invented the solution. Remember the saying, if you see something you should say something. Well I did just that.

If In other words, mere words without a background of who these people are, as to their education, skill. knowledge, training and experience is very troubling to me.

I’m not sure why my Undisclosed comments should be troubling to you. Please review again.

Overwhelmingly I have posted only questions, both technical and otherwise, with very little opinion that would require me to list my CV. 

To your credit, you have answered almost all of them promptly.

However, I cannot overlook the fact that you cannot provide (other than anonymously) Exhibit A in your presentation: Namely a judgement against an Integrator who installed an unprotected databus system.

This is key, as you return time and time again to this liability argument in your rhetoric.  Imagine if you could actually post s few actual cases with awards, that would be convincing, no?

Anyway, I would be interested in any cases regarding databus liability at this point.  Whether you were or weren’t involved, whether they were settled, Manufacturer or Integrator.  Anything.

And I have searched myself and can’t find them, though it’s admittedly tough depending on how they might be worded.  Also, I can’t find any on Ken K.’s site either.

Thank you for your response. It's interesting that you respond as undisclosed but when I tell you that these cases are settled under strict confidentiality agreements for obvious reasons, you think this is rhetoric? It is not even close.

Disclosing names would breach the confidentiality agreements and often times, court orders as well.

Location: New Jersey, a nationally recognized alarm system company settles a case for 35 million dollars due to the death of two persons. One is a doctor. The failure of the system was due to a data-bus attack by fire. 

Location: California, an alarm company and equipment manufacturer settles a case for 6 million dollars on a subrogation claim; when a fire alarm system in a household is rendered non-functional due to fire attacking the systems data-bus and no signals transmit to the remote station.

Location: St Louis, two persons are seriously injured when a fire attacks the systems data-bus and it fails to report an alarm signal to the remote station. The equipment manufacturer settles the claim for 4 million dollars.

Judgments can be public record, but in the cases that I am involved in when a judgment is rendered, the non-prevailing party often times agrees to pay the judgment in exchange for a confidentiality agreement. See Security Sales and Integration magazine for articles that I have authored and for articles that have been authored about me and the forensic cases that I have been involved in as a forensic expert. 

It is rare for any of the parties names to be disclosed and once again it is for obvious reasons. 

These are but a few of the cases. Remember, it was these and other loses that I forensically investigated which were the impetus of me inventing the Interceptor. Otherwise how I would I have gained  this technical awareness? 

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

 

I agree. Its easy for persons who are not disclosed to posit without anyone knowing who they are.

wrong.  Undisclosed does not mean nobody knows who I am.

Every IPVM admin knows who I am.

IPVM knowing you, does not help at all for disclosed commenter's being able to evaluate who you arem and as to your core competencies, independently of IPVM.

Jeff -

Considering that customers tend to have a somewhat limited overall budget, is it your position that the Interceptor is bar-none the most effective way to spend $120 with the goal of increasing the overall effectiveness and reliability of their system?

Your arguments here revolve around integrators being liable for not doing everything they could to ensure the system performs as intended, and protects the safety of its users.

Is the Interceptor a better spend of $120 than adding more door/window contacts, alarm screens, CO detectors, backup dialers, security cameras, etc?

When you posit that the Interceptor should be sold with every system with a vulnerable databus, what do you estimate the "average" system to be made up of in terms of percentage of ingress/egress points monitored, life safety devices installed/monitored (smoke alarms, CO alarms, etc.)?

If a user had to choose between having an Interceptor installed, and having a monitored smoke alarm installed (e.g.: assuming they have to choose one or the other within their budget) which device would you say has greater practical value for providing safety and security?

Brian:

Thank you for your comments. In my over forty (40) years of experience in the alarm industry,   I have found that some customers have a limited budget, and I have also found that many other customers want an alarm system which provides for real security, not just three doors and a motion detector, and by no means would these customers ever believe that they could get an alarm system of quality for free.

The Interceptor provides safety and security to the data-bus; which as you know, and until now, was not available on the control panels addressed. Comparing it to a bar-none equivalent is not the way to judge its value. By way of explanation, what about the millions and millions of existing alarm systems that alarm contractors are aggressively paying multiples to acquire at the tune of  a 30 to 40 times multiple, and more, of RMR? How about using the Interceptor at a cost of just $120 in order to demonstrate to this class of accounts; that the alarm contractor does not purchase or that they cannot afford to buy; that the alarm contractor, will provide a safety and security enhancement to their existing alarm systems control panel, either for free, or at some other cost to earn this new customers RMR business. You do the math. Once the alarm dealer demonstrates what happens to this customer’s control panel without the Interceptor, and what happens when the Interceptor is installed, on that same control panel, I have found it to be a game changer.

As to your bar none proposition, with regards to protecting the control panels data-bus, yes it is one of the best ways to make an alarm system safer, at just $120. That said, as licensing of the Interceptor technology ramps up, the costs for this technology will be greatly reduced.

The primary focus of using the Interceptor, which is made in the US, is laser driven around making the alarm system safer, and consequently, better protecting families and business owners who rely on their security systems for peace of mind, and to help them minimize serious personal injury, death, and loss of assets. Contemporaneously, it dramatically reduces risk and liability to the alarm dealer, and the equipment manufacturer as well. In other words, recommending and installing the Interceptor is a win, win situation. Comparing the minimal investment of the Interceptor to other component parts of the alarm system is apples and oranges, but if the data bus foreseeably fails, either accidentally or intentionally, none of what you referenced except for security cameras would function as intended; to the extent that the control panel set utilized a wireless radio alarm transmitter for all communications to the central station.

When you posit that the Interceptor should be sold with every system with a vulnerable databus, what do you estimate the "average" system to be made up of in terms of percentage of ingress/egress points monitored, life safety devices installed/monitored (smoke alarms, CO alarms, etc.)? That question varies greatly so it depends; but once the Interceptor technology is licensed, its costs will be dramatically reduced. Additionally, I have authorized dealers who have used the Interceptor, as a way to close the sale; so what is that worth?

This is just the tip of the iceberg,

 If a user had to choose between having an Interceptor installed, and having a monitored smoke alarm installed (e.g.: assuming they have to choose one or the other within their budget) which device would you say has greater practical value for providing safety and security? Brian, with all due respect, the proper terminology of what the alarm industry monitors, is not a UL-217 Smoke Alarm, it is a Smoke Detector. Moving on, just installing one smoke detector in a home would not comply with industry standards, as there is no best location for a single smoke detector in a household.  The proper quantity of smoke detectors has a great value, but if the data-bus fails, as elaborated to previously; the smoke detectors life safety function, will both dangerously and instantly fail.

Think of any product in the industry that makes alarm systems safer, and you will now find the Interceptor. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

Jeff,

With respect, you've made your point long ago up-thread.  At this point you're doing yourself no favors.

Sincerely,

An IPVM member who chooses to remain undisclosed due to employer policy but doesn't have to justify it to anyone anyway.

Point made. However, I have responded to many individually with different points of view, so that is why I have been duplicative 

Can IPVM reach out to Honeywell, et al, for comment, if it hasn’t already?

This thread gives me Rockoff flashbacks due to the sheer arrogance on display.

Actually he makes Rockoff look like Job.

To All: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

If you read me regularly, you may recall columns and articles regarding a class action lawsuit filed against ADT where plaintiff, a residential subscriber, alleged ADT’s wireless home security equipment that could be hacked by third parties (see www.securityinfowatch.com/12067881).

As a result, the complaint claimed, signals from ADT’s systems (from panel to peripherals and back again) could be intercepted and interfered with by persons who wanted to gain access to premises. This month’s column provides an update – and a resolution from ADT’s perspective.

Since I last wrote about the initial class action lawsuit (Baker vs. ADT – read the full complaint at www.securityinfowatch.com/12022162), additional groups of plaintiffs filed similar class actions against ADT in other state and federal courts. All said, ADT faced consumer protection-type class action lawsuits in state or federal courts in four different states – California, Illinois, Arizona and Florida.

Generally speaking, the various class plaintiffs claimed that third parties – burglars – could disable or suppress ADT’s residential security systems or cause those systems to activate where there actually was no security breach. According to plaintiffs, would-be burglars could do so in order to determine if police were dispatched in response to an alarm and, waiting until police were not dispatched, in order to strike. At least one plaintiff also alleged hackers could use a subscriber’s security cameras to spy on subscribers while in the premises.

The crux of the legal claim was that ADT told its customers the systems were secure when they were not and that ADT knew the systems were not secure.

Following months of expensive discovery, including 17 depositions and ADT’s production of 45,000 pages of documents, extensive settlement negotiations and a two-day mediation conference, ADT recently announced a $16 million settlement of the lawsuits, translating into a nationwide class settlement, the payment of legal fees for class counsel and monetary awards for subscribers ranging from $15 to $45. The amount that goes to subscribers seems quite low given plaintiffs’ allegations, but that is typical of many consumer class actions.

The class consists of all residential subscribers between 2009 and 2016. The settlement excludes a subscriber’s claims for personal injury or property damage (preserving subscriber claims for catastrophic losses).

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

I've been following this online conversation and I'm a bit taken back.  I don't have skin the game regarding the product, but I do care deeply about this industry where I spent the last 38 years.  We are talking security which I would hope is a direct relation to integrity.  Putting aside the how to's and cost and how it should be sold, I would hope, that everyone would agree that this technology must be part of anything critical that rides a keypad bus.  Why the banter and borderline argument.  It really appears to be a no brainer that it is necessary.  The discussion should go to the manufacturers and providers on why it is not standard.  It would be nice to have a manufacturer that is clearly effected by this vulnerability to share some thoughts.

Dear Brian: 

Here are my responses to your questions.

Why are these "foreseeable"? Do you think a court would accept that databus failures are so common and foreseeable that alarm installers should consider them to be an almost expected point of failure/weakness?  

The recent ADT Settlement which I posted unilaterally demonstrates how significant it was (as to what is disclosed and as to what is not disclosed by an alarm contractor to subscribers) based on ADT failing to disclose to the customer that their wireless technology was not encrypted.  This was an omissions case and in my opinion ADT did not agree to pay a whopping $16,000,000 if they did not feel the liability which they were faced with in deciding to settle this case; versus going to court on it. In other words, ADT agreeing to pay a mind numbing $16,000,000 speaks volumes as to their liability here.

Also, should installers be expected to offer the customer every conceivable form of additional protection? What about using armored cable, heavy gauge cabinets, etc?

The ADT case and others demonstrate the need to offer the customer the full range of equipment and services available, which would include but not be limited to wireless radios and other technologies.

How are these alarm panel manufacturers staying business, and avoiding liabilities, for so many years without addressing this issue themselves? It is not like they could not solve the problem in the panel if they wanted to, but the additional cost is seemingly not justified.

Manufacturers and their insurance companies have been paying out on these claims for decades, you just do not hear about it for obvious reasons. Licensing the Interceptor technology would be inexpensive because it would be integral to the systems mother board, compared to someone purchasing the Interceptor’s patent pending technology add-on device, which is still cost effective based on everything that is foreseeably at risk.

Respectfully submitted,

 

Jeffrey D. Zwirn, President, ZWIRN Corporation

Manufacturers and their insurance companies have been paying out on these claims for decades, you just do not hear about it for obvious reasons. Licensing the Interceptor technology would be inexpensive...

Paying out on databus claims for decades?

Jeffrey, no disrespect intended to your invention, but surely these companies could easily come up with their own remediation to their own product, had they found it worth their while to do so.

By your own admission, they haven’t, which means either 1)they’re not smart enough to come up with a way of isolating the dual-band from the keypad bus or 2) they like to lose money for years on end.

So which is it?

 

Thank you very much for your feedback. Good point, but I do not think that anyone could know the answer to that question. That said, in my opinion it was completely missed, or maybe some manufacturers do not care or maybe it was a little bit of both.  Another comparison could be made to the invention of dual technology motion detectors so long ago versus companies who only made single technology motion detectors, and the first generation of CO detectors when they did not have end of life warning and/or before they had separate trouble outputs which could be connected to the control panel set of the alarm system.  

If you recall I only thought of the idea for the Interceptor after I kept witnessing, (after the fact) losses whereby the data-bus wiring of alarm systems were being accidentally attacked by fires and causing the systems to fail, in that the alarm system did not sound (because the data-bus wiring was attacked by fire in the attic and/or in the walls of the premises) and no fire alarm signal was transmitted to the central station. Again, this was identified by me during my forensic investigations of these losses.

The same holds true as to what I witnesssed with regards to intentional keypad and motion detector attacks to shut down the control panel data-bus, in an effort by the criminal element to circumvent the alarm system.

As stated above, this is information which I harvested as part of my forensic investigations that I have performed across the country since 1980. 

The Interceptor is patent pending, so any company wanting to license the technology has the opportunity to do so by contacting me directly. 

 

Respectfully submitted, 

 

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

Jeffery 

i can assure you that Radionics, C&K Systems or Detection Systems never had a claim against them for a Data bus failure in the 19 years I was in management of these companies. As I stated previously I never heard of one failure due to data bus issues. 

Also in the eleven years I have run my security company I have not had a data bus failure. 

So who as you state have been paying out these claims?