The Interceptor Aims To Fix Vulnerability In Millions of Alarm Systems

Published Jan 08, 2018 15:28 PM

IPVM ImageSecurity executive Jeffery Zwirn claims a 'catastrophic' flaw exists in 'millions of alarm systems', and dealers could be liable if not fixed. His product, The Interceptor prevents a thief or building fire from locking up an alarm panel to prevent it from dialing out, sounding keypad alarms, or from triggering alarm messages at the worst possible time.

Alarm ******** ****** *** '*** ***** ** *** ***' *******

***** **** ****: "******* ****** ** the ******* ** * *********** ************* to ******** ********" **** ** "**** often ****** ******** ***** ******* **************." He ********* ** * ***** ******* deeming ***** ******* ***** ********* *** *** '***** of *** ***' ****** ******** **** The ***********:

"************* ** ******** ***** ******, ************ and ******* *** *** ** **** for ******** ***** ** ****** ******* liability, ********** *** ****** ** ******* warranties ** * ******* ****** **** the ****** ** ******** *** **** to * ******** ** ********* ** defective *** ****** ** *********** ** personal ****** ** ******** ******. ***** lawsuits **** *************, ************, ******* *** their ******** ******** **** ******** ** dollars ** ****** **** *** ***** year."

The *******: ******** ***** ******* *** **** **** **

*** ******************** *** ******** *** ** ******* serial ******* ******** ******* *** ********* devices ** '**** **' *** ****** unresponsive. ****** *** ***** **** * building **** ***** ******, ** **** a ******* ***** *** ** ****** with * ****** ****** ** ** entrance.

*** ******** *** ****** ****** '***** of *** ***' **** * ***** supervision ****, ********** **** ****** **** killing *** ******** ******* *** ******* that ******** ******* **** ************* ***** dial *** ** ******* *******.

************ ** ********* ** '******, *** not ***' ~ **-****** ******* *** alarm **********, ********* ******* ********* ********* regardless ** *****:

IPVM Image

***********, *** ******* **** *** **** power **** *** ***** ********, *** rather ** **** **** *** *****'* backup *******, ******* ******** *** '********** short' ********* **** ******** *** ****** bus. ******, ******* ******** ******** ********* to *** *****'* **** *** *** then ********* ** *** *********** *******.

How ******* ******* ****** *******

***** ******** *** ******* ******* **** alarms *** ********** ** ******* *******:

******** *****

** ***** ****** **** ******** ****** a ****, *** ***** ******* *** be *******, *** ********** ***** **** cabling ***** **** ******* ****** *** crawlspaces ** ** ********* ********** ** high ****. **** ** ******** ******** to **** *** ****** *** ***** and *********** ****** *** ****** **********.

********* ****** *****-***

******* *** ******* ****** *** ** shorted ******** ********* ********* *** **** during * ********. **** ** ******** breaks **** * ****, **** ****** a ****** (***** ******* ** * garage **** ** ***-********* ****), ****** it **** * ****, **** ** twist ******** *** ** *** ***** on *** ****, *** ** **** before *** ****** ***** *** ** a ******* *******.

**** ******* **** ** ********** ** a *********, *** ********, ****** ***** found. *********, *** ******* ******** ******* a ********* ****** ******, ******** ** high ****** (*** ******) *** ***** shorting ***** ** *** **** ****** a ********** ******* **** ** ****.

Panel ******* *********

********* ***** ****** ********* ******* ********** ports *** ******* **** *** *** simple ** (******** ****) *** ** (normally ******) ******* *******. *** '*******' is ***** **** *** ********* ******** and ******** **** *** ***** *****, and ****** ******* *** ********* ********* on ***** ***** ** *****.

***** *** ***** **** ** ***** ports **** ** ************, **** *** identified ** *** **** **** ******* 2 **** *********** (**/**) *** * power *********** (+/-) *** ****. *** image ***** ***** ** ******* ** databus ***** ** ****** *-****** *****:

IPVM Image

The *********** ******* ********

*** *********'* **** ***** ** ******** below *** ***** *** *********** ** how *** ***** ******** ** * typical ***** ******:

Add-in *********** *****

*** ******* ** * ***** ~*" X *.*" ******* ***** **** ********* inside ******** ***** ***** **********. *** card *** ** **** ** ~$***, and *** *** *** ******* ** needed, ********* *** **** *** *****.

***** ******* ******** ********* ******** ** a ***** *** **** ******** ** this ****, ***** ** ************ ***** and ***** ***** **** *** ******'* battery:

IPVM Image

********* ******* ********* ********* ** ***** channels ******* ******** ***** *******, ****** sensors, **** *********, *************, *** ********* relays. *******, *** **** ** *** used ** ********** ***** ***** ** zoned ********** **** ****/****** ********, ***** break *******, ** ******** ******* ***** a ***** ********** *****. ***** ***** of *********** *** *** ********* ********** to *** ********** ***** ****, *** are **** ******** *******, ** *** Interceptor *** ** ******.

Not ******** ** ******* ******* '*****-***'

***** **** ** ** *** ****** that ******* ******** '*********' ** '*****-**' polling, ***** *** ******* ***** **** to *** ***** ****** **** *** panel ******* *** *******, ***** ****** a ******* *******.

***** *****-*** *** ************ *********, ***** scheduled **** *** *** ** **** once *** *****. *** '*********' ** used ** ******* '*** ** ****' with * ***** ******* *** ***** initiating **, *** ** ******* ** discovering ***** ******** ** ** ******* is ****. ********, ***** **** **** if **** * ******** *** ******** even ** *** ***** **** ** a ******* ******** ***** *** *********, that ********* ***** ****** ** ********** as * '*******' *****, *** * full-fledged '*****' **** ******** ***** ********* dispatch.

Problem ** ****, *** ***, ******

*******, *** *** ***** ****** *** vulnerable ** *** ******* *** *********** addresses. ***********, *****-*****, ********* ***** ******* can **, *** *** ******** ** 'all-in-one' ***** ****** **** ****** **** integrated ****** *******, *** ***** ******* often *** ******* **** ***** *** using **** *** ******** ** ***.

***** ************ ********** *** ****** ******* as ********** ** ****** *********** ** ******* **********, ****** ********** '****** ********** ** the *********** ******':

************, ******* ********* * *******, ******-**** data *** ******* (******* **) *** ** *********** **** *** card.

*******, *** ********* *** *** ****** the **** **** *** ******* ***** a **** ***. *** *******,*** ** ************** *-****** ************* *** **** ****** ** *** company ** ********** ** ******* *** card.

Unneeded ** ***-**-*** ******** *******

************, *** ** *** **** ******* residential ***** ****** **** ******* **** not ******* **** *** ****, ************* ********* ******,*********'* **** ***** ****,*** ******* / ******, *** *** ********* ************* *********-****** *** ********* ******,**********,**** ******,******, *** *** ********* ** **** others ** *** ******** *****.

For ***** ******, *** ***** *******, *** *** *********** *******

* *** ****** ** *** **** of ****** ** *** *********** ** the **** *** ********** ** ********** adding ** **** ********* ** *** millions ** ****** ** ***. ***** tells ** **** ******* *********** ******* manufacturers **** *** ********, **** **** yet ********* *********** ** ****** ** or ********* ** ** ***** *******.

******* **** **** *** ***** *********, this ******** *** ***** *** *********** addresses ** *** ********** * *********** problem, *** *** **** * ************ source ** ******* *** ****** *** users ** ***** *************.

Potential *************

** ***** ** ******* *******, *** Interceptor ***** **** *********. ** *** two ***** ******** **** ***** ***** acceptance:

  • **** *** *****:**** ****** ******* ** *** *** Interceptor ***** ** *** ******** ** whether *** **** ** ********* ** significant ****** ** ******* *********. ** general, *** **** ** ******** ******** into * ***** ** ******** **** enough *** **** ******** *** * keypad ** ******** ** *** ******* 'smash & ****' ********* ******** ***** a ***** ******, ******, *** ***** as ******* ** ********.
  • * *******, *** *******:*** ****-**** ******* ** ******* ** requiring *** ******** ** * ********** installed ****** **** ***** ** ********* resolved ** *** ************ ******* * product ********. ***** **** ** ** open ** ********* *** ******** ** manufacturers, *********** ******** *********** **** *** more ******* ********** * '**********' ****** issue.

Vote / ****

Comments (198)
Avatar
Ari Erenthal
Jan 08, 2018
Chesapeake & Midlantic

Yes, I wouldn't be surprised to learn it's possible to blow the panel by shorting the data bus, but so what? The data bus is going to be on the protected side anyway.

I'm sure that, with practice, a bad guy could learn to pull the keypad off the wall, yank the wire, and short the bus before the delay ends, but I don't feel real confident that they could pull that maneuver off perfectly every time. 

And fires? Please. How often does it happen that a fire is so fast and intense that it melts bus cables together but doesn't hit the smoke detector? 

Any intrusion detection system designer needs to take unlikely events into account, and mitigate even unlikely possibilities, just in case, but calling it a "catastrophic" flaw is overstating things. 

(12)
(1)
(2)
JZ
Jeff Zwirn
Jan 08, 2018

Mr. Erenthal: 

Thank you very much for your post regarding the Interceptor.

There is no protected side on the data-bus of the Honeywell Vista Line of Control Panels or on the Interlogix Concord IV Control Panel.

In other words, once the data-bus wiring is shorted out, whether accidentally or intentionally, all other equipment which is required to be connected to the data-bus wiring in parallel, such as an Alarm Net Radio for the Vista Control Panels or an Alarm.com radio for the UTC Control Panels (wireless radio alarm transmitters) this equipment will instantly fail to function. 

If you have anything which technically supports that the data-bus wiring and all connected devices which reside on same will continue to function when there is a short on the data-bus, please send it to me or post it on this portal. 

Kindly review my other response, as what you posit is not consistent with the limitations of all of the Honeywell Vista Control Panels, the Interlogix UTC Concord IV Control Panels and many other Control Panels. 

As to fire impeding the data-bus wiring, attic fires are so commonplace that NFPA 72 recommends that rate of rise heat detectors be installed in these critical areas of the protected premises. Obviously, a rate of rise heat detector cannot provide ubiquitous coverage and even if it could, it is not an early warning device.

Concurrently, a smoke detector in the common area of the premises, is not technically capable of detecting a fire in the attic of a premises, and until such time that the fire penetrates into the footprint of the home, and the particles of combustion reach the smoke detector, it will not be activated.

The control panel data-bus wiring vulnerability identified by Zwirn Corporation is a serious one, both to equipment manufacturers, and to each of the companies who select and install these products.

I look forward to your feedback. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

 

 

 

 

(1)
Avatar
Ari Erenthal
Jan 08, 2018
Chesapeake & Midlantic

Look, Jeffrey, everybody knows you're one of the most knowledgeable people in this business. I don't think you're wrong here, I just think you're overstating the likelihood of a problem occurring. 

When I said "protected side", I meant the alarmed area. You're forgetting that your bad guy (probably) has to get past a contact to get to the bus line. 

I agree that it takes no technical skill to rip a keypad off the wall. However, if you're using CP-01 standards, the entry delay will be set to 30 seconds. So your bad guy has 30 seconds to get inside, find the keypad, rip it off the wall, yank the wire, and short the bus. It can be done in 30 seconds, but it's much less of a sure thing than you make it sound. 

I am skeptical that dipping a keypad into a bucket of water is a reliable way to short the bus and blow the panel. I am extremely skeptical that this can be done in 30 seconds. I'm not saying it's impossible, I'm saying the timing seems iffy. 

As far as fire goes, it is my understanding that a RoR detector is an early warning detector by definition. Am I wrong?

(2)
JZ
Jeff Zwirn
Jan 09, 2018

Ari: 

 

Thank you for your response and your comments about me. i would never overstate what involves the safety, security and life safety on a security system. Remember there are four stages to a fire. Incipient, smoldering, flame and heat and we are talking about a Rate of Rise Heat Detector here.

Clearly, if a Rate of Rise Heat Detector was an early warning device, which it is not, besides what I have elaborated to above, the equipment manufacturers of this equipment would not note the following warning regarding the limitations on this equipment which they manufacturer and sell. It specifically states the following in capital letters, HEAT DETECTOR NOT A LIFE SAFETY DEVICE.

Similarly, no AHJ would ever provide a Certificate of Occupancy to any home if they only had Rate of Rise Heat Detectors in a premises. Needless to say, for household applications, only a Smoke Detector can provide for early warning detection. Of course, the system needs to be professionally designed and installed.

In any event, for further information on Rate of Rise Heat Detectors please review NFPA 72 of the National Fire Alarm Code and NFPA 72 of the National Fire Alarm and Signaling Code, The Fire Protection Handbook, by the National Fire Protection Association and my Peer Reviewed book The Alarm Science Manual. 

To give you an example of how commonplace fire attacking the data-bus wiring is; fires which start in an attached garage usually burn their way into and through the exit/entry door of the home from my investigative experience being the path of least resistance. Generally, in close proximity to this door is the data-bus wiring which connects to the keypad for this exit entry door.

I have forensically witnessed this happen time and time again and unless you are out in the field forensically investigating fire and burglary losses like I have since 1980, I would not expect you to be familiar at all with what I personally seen firsthand.

This is not dramatic, this is a recipe for disaster and in the cases where I have seen the aforementioned and when a fire starts in the wall or in the attic of a home or building, what I have found consistently, is that anytime a fire comes in contact with the data-bus wiring or the power output wiring of the alarm system,  the wire always shorts. Furthermore, there is nothing else on an alarm system which is not supervised except for the data-bus wiring. Surely this defies logic.

In other words, do you think that any customer would ever knowingly purchase an alarm system if they knew that the all of the data-bus wiring which is running throughout their home is susceptible to fire impeding it, and as a result, it (the fire attacking the data-bus wiring, will instantly shut down any external dual diversity wireless radio receivers and/or any wireless radio alarm transmitters, since this equipment is required to connect in parallel to the data-bus in order for the subscriber to be equipped with wireless communications to the central station and have an app and remote control of their security system on their phone? 

To that end, I have found in the studies which I have conduced that no customer would ever knowingly accept this vulnerability on their security system. 

In 40% percent of the fire cases which I have investigated, the data-bus wiring is damaged by the fire. With this in mind, this is an unacceptable number. Conversely, with the Interceptor installed on the security system it will protect the data-bus from an accidental short or intentional attack 100% percent of the time.

With regards to an intruder attacking the system keypad, I have witnessed it first hand and my work as an active 18 year Designated Expert Instructor to the New York City Police Department has also provided me with other case studies where law enforcement has witnessed it as well.  I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed. In fact, I know of at least two alarm distribution warehouses where an intruder followed this methodology and was successful. Luckily, I know of one case where the intruder was caught in that when he went to sell the alarm equipment on eBay it was found out and he was arrested. 

As to shorting out the system with a bucket of water, I investigated a case where I found the system keypad sitting in a bucket of water. 

The data-bus attack is foreseeable and has happened across the country. Coming full circle, if the technical community of the alarm industry does not pay attention to the equipment that we select and install, including foreseeable vulnerabilities which are designed into same, more people will be seriously injured and/or die as a result of same, or there will be a loss of assets under these circumstances, and in my opinion, this identified defect is not something that the professional alarm industry should have to accept. 

Imagine, if one of your customers was seriously injured or died as a result of an alleged alarm system failure and during my forensic investigation I find that the fire impeded the data-bus wiring. How are you going to defend what you knew could have protected the system, changed the outcome and either significantly minimized the damages or eliminated them?

Certainly, the alarm equipment manufacturer is not going to defend and idemnify you and your company, and while I am sure that you have insurance in force how many claims can you have before your insurance policy is cancelled, or what if the jury verdict against your company exceeded the amount of coverage on your policy? 

At the end of the day, the professional alarm industry is duty bound to help protect their customers and disregarding this serious control panel vulnerability does not change anything.  Besides, all alarm companies hold themselves out as experts so do you want to be that person who has to defend what is not defensible, and are you really providing peace of mind with a data-bus that is completely unprotected? The only answer is no. 

I would also like to share with you what some of the alarm companies who currently buy the Interceptor are doing. They are marketing the Interceptor to get new subscribers in that they demo an exemplar control panel and short out the data-bus. When the customer sees that their system (the exemplar) and their wireless radio alarm transmitter instantly fails, by all of the on-board radios light emitting diodes turning off, the customer is simply astonished and very upset. 

At this point, the new alarm company, trying to increase their RMR and to better protect the customer shows the potential customer what happens with their system once the Interceptor is installed, in that it is protected, instead of instantly failing.

Furthermore, the alarm system company either charges the new customer for the Interceptor at a profit, or installs it for free.  Stated differently, how can an alarm company distinguish themselves from others, including the plethora of mass marketers aggressively offering alarm monitoring for sometimes half the cost of what the industry charges?

Many alarm contractors have found that the Interceptor is their answer, and at just $120, or less, based on quantity purchasing, the Interceptor will not only make the alarm system safer, but it will help save alarm companies the average cost of purchasing monitored systems, on average, between a 30 and 40 multiple per account. 

The way that some alarm companies are marketing the Interceptor is that they show a photo of a Honeywell and/or a Concord IV keypad and state, that if you have this alarm system, you may be at risk. Ask us how we can make your alarm system safer. 

The best time to limit your liability is before a loss occurs and my invention accomplishes this mission critical task. Finally, if the Interceptor saves just one life it was well worth having it installed on the security systems which you install.

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

 

 

 

 

 

 

 

 

 

 

 

 

 

(3)
(1)
Avatar
Brian Karas
Jan 09, 2018
IPVM

To give you an example of how commonplace fire attacking the data-bus wiring is; fires which start in an attached garage usually burn their way into and through the exit/entry door of the home from my investigative experience being the path of least resistance. Generally, in close proximity to this door is the data-bus wiring which connects to the keypad for this exit entry door.

You need to hire a competent marketing person, seriously. A variant of the above statement should be prominent on your site, it is a concrete example of a scenario that people can relate to, and see the value in your product. The majority of what is on the site, and much of what you have written here, is too abstract, too technical, or just otherwise distracting from people understanding the real-world benefits as it relates to their personal system.

I would also like to share with you what some of the alarm companies who currently buy the Interceptor are doing. They are marketing the Interceptor to get new subscribers in that they demo an exemplar control panel and short out the data-bus.

This too (in a wore direct/less wordy approach). This is relatable data that dealers can/should see value in.

I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed. 

Semi-related, 150? That number is so low as to make it seem like this is a super edge-case scenario (similar to some of the questions also raised here). How many successful burglaries were the result of simple system failures that would have killed the system before we even get to worrying about databus protection? (note: the preceding is a rhetorical question, I do not need a response, just pointing out another area where you could improve your marketing/pitch). Stating you have seen 150 cases, in what has presumably been a long career in a high-density/high-crime area makes this seem like selling flood insurance in Denver.

(4)
JZ
Jeff Zwirn
Jan 10, 2018

Brian: 

Thank you very much for your feedback. 150 may seem low but if you are the customer who suffers a loss and the alarm system fails but for having the Interceptor installed on the system, than it becomes much more material. My point here is quite simple, the criminal element is becoming more sophisticated, so the alarm and security industry needs be on top of making alarm systems safer; from all types of foreseeable threats and weaknesses that can negatively impact upon the functionality and reliability of any security system. If you do not pay attention to liability it will pay attention to you. In other words, if a security system has an inherent defect, we need to provide education to equipment manufacturers and customers alike so that their loss potential is reduced.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

(1)
JH
John Honovich
Jan 10, 2018
IPVM

150 may seem low but if you are the customer who suffers a loss

Jeff, one thing that might help communicate the issue is referencing it in percentage terms.

For example, your quote:

I have seen at least 150 successful burglaries where the keypad was attacked, and/or a motion detector was attacked and as a result the alarm system failed.

Is that out of 300, 1,000 or 10,000 burglaries you've reviewed? Getting a sense of how relatively common it is as an attack would help give context to how much weight should be given to fixing the problem.

Also, what percentage of those 150 successful burglaries where the alarm system has failed would not have failed if the Interceptor was used? The higher that percentage is, the stronger the case, etc.

(4)
JZ
Jeff Zwirn
Jan 16, 2018

Thank you John.

(1)
UI
Undisclosed Integrator #1
Jan 08, 2018

Seen it happen on an alarm. Bus was shorted, confused the alarm. Still sent the signals to our central station though.

Risco actually make a board similar to this to sit on their 485 bus line. You can also think about how you wire the system so vulnerable data buses for lets say external sirens wouldn't mix with more critical internal detection bus circuits. In the same way as we mix the power supply lines. 

(2)
(1)
JZ
Jeff Zwirn
Jan 08, 2018

To Whom It May Concern: 

Please identify the RISCO product which you state is similar to the Interceptor. 

As to wiring the data-bus differently, the external sirens are already connected to a different part of the control panels identified, so this point is moot, and many other control panels which have also been sold for years also have this dangerous vulnerability on their data-bus as well.  In any event, the issue here is not about the sirens, it is about how a short on the data-bus wiring will instantly impede external wireless radio alarm receivers and wireless radio alarm transmitters.

That being said, if the keypad data-bus wiring is accidentally or intentionally shorted out, there is nothing you can do to protect an external dual diversity radio receiving unit or a wireless radio alarm transmitter, since it is required to be connected in parallel to the data-bus. Until now, with the Interceptor.

In a basis sense, think of how double-pole, double-throw telephone line seizure works.

The Interceptor is an advanced microprocessor and it electronically monitors and separates all of the field devices from the mission critical devices on the security system.

The Inteceptor is also ETL Listed to UL 1023, UL 985 and UL 365. 

I look forward to your feedback. 

Thank you. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT 

 

UI
Undisclosed Integrator #1
Jan 10, 2018

Hi, thanks for the message. The risco product is similar but not the same. 

https://www.riscogroup.com/products/product/6246

 

I can see where you are coming from. Rewind 4 years ago and nobody used the ODB port on a car to steal it. Now its commonplace due to the vast array of tools available. I can see no reason why the same wont be true to the databus of an alarm system.

Regarding the sirens, some alarm have a single bus and where the siren is wired via RS485 it potentially can be upset by a short / damage.

(1)
(1)
U
Undisclosed #2
Jan 10, 2018
IPVMU Certified

nice find!

 16). Each BUS Zone Expander creates a separate BUS branch, which is used only for BUS detectors connected to him. The separate BUS branch increases the total security of the system in case a determined BUS detector will be sabotaged

(4)
U
Undisclosed #2
Jan 08, 2018
IPVMU Certified

So the claim is that the on-board dialer serial device is wired in parallel with the keypad?

 

 

JZ
Jeff Zwirn
Jan 09, 2018

The claim and reality of what is integral to all Honeywell Vista Control Panels is that any equipment which is required to be connected in parallel to the systems data-bus is subject to instantly fail, if there is an accidental or intentional short on the data-bus wiring from any of the field devices, such as any of the systems keypads or any of the loop powered sensors which are also integral to the (+) and (-) power which powers the data-bus.

In-rush current attacks on the data-bus wiring is also protected by the Interceptor, as without the Interceptor, a perpetrator could TASER or connect an extension cord to the data-bus and again circumvent the alarm system.

Please see the attached schematics which are referenced in the article that Mr. Rhodes of IPVM wrote about regarding the Interceptor. These schematics were supplied by Zwirn Corporation and reflect the control panels equipment manufacturers specifications.

This is not a DACT issue per se, it is a wireless radio alarm transmitter, and other connected to the data-bus equipment issue, which on an Alarm Net radio, it is required to be connected in parallel to the data bus in order for it to operate and be able to wirelessly communicate to the Central Station during an alarm or trouble condition  

Having said that, alarm.com wireless radios are also required to have the data side of their equipment connected to the data-bus as well. The UTC Concord IV is another one of the control panels which has the same inherently dangerous vulnerability. 

The foregoing opinions are held to a reasonable degree of alarm science, technical, and professional certainty.

Thank you for your feedback.

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT

(1)
Avatar
Brian Rhodes
Jan 08, 2018
IPVMU Certified

Jeff Zwirn responded to this post.  Here are his comments:

"Here is what I think is both objective, unbiased and critically important to subsume within same for your readers.

It takes no technical skill to rip a keypad off of the wall to short out the data bus wiring or an intruder can simply put the keypad in a bucket of water.

Most home and business systems do not have wireless keypads, they are hardwired and the rationale behind same is quite simple; true wireless keypads do not and cannot provide audible and visual detail like a hardwired keypad does. By way of example, installing an alpha keypad.

The feedback from the manufacturers who I spoke with, was that they would rather not let the public know about it as they are concerned with their liability and they would not put that in writing for obvious reasons. On the other hand, another manufacturer simply said that they are not entertaining any new ideas, without even appearing to look at the risk and vulnerabilities.

The primary life safety function of the Interceptor is for homeowners and their families since most fatal fires happen between 12 and 4 am and once the data-bus is shorted the wireless receiver is rendered non-functional unless it is built into the control panel and any radio that connect to the data-bus are instantly rendered non-functional.

The vast majority of wireless radio alarm transmitters that are being installed today are one-way radios (due to the higher cost differential in equipment and the additional cost of constant polling versus daily, weekly and monthly check-in with the central station) in that they (the one-way radios) can only test in daily, weekly or monthly and even if they test in the successful signal only identifies that the respective system was working at that time. Two-way radios can check in every 5 minutes, but if they fail to test in; it is generally considered a trouble condition even though it should be considered a burglar alarm signal. To fully understand the criticality of time, NFPA 72 requires retransmission of all fire alarm signals to the fire department or to a 911 communication center by the remote station within 90 seconds of receipt of these signals.

Therefore, if a fire attacks the data-bus, not only will the fire department not be notified by the remote station; but at best the remote station, to the extent that a two way radio is installed, would only consider the signal a low priority burglar alarm signal, based on a loss of communications. Equally important is that if the data-bus is attacked by fire, wireless smoke detectors and rate of rise heat detectors in the premises will not be heard by the control panel's wireless receiver in order to be able to alert the occupants of the home of the fire emergency, so they the family can escape before the premises become untenable. Notably, NFPA 72 assumes that the persons in the home can self escape from the home fire before it becomes untenable in the premises to occupy. Therefore, notwithstanding the remote station receiving the proper fire alarm signal, the occupants of the home may never hear the fire alarm sound, and all of the system keypads will not sound either."

(2)
(2)
JZ
Jeff Zwirn
Jan 08, 2018

I have been forensically examining alarm system cases and claims nationally since 1980 and during germane time periods I have investigated cases and claims whereby the data-bus wiring was either accidentally damaged by fire or intentionally damaged by an intruder.

Consequently, the alarm system failed to function and the central station did not receive an alarm system as it should have, whether it was a fire alarm signal or a burglar alarm signal which the alarm systems control panel should have transmitted to the central station.

People have actually died, because the survivors of the fire reported to me that the alarm system never sounded, and but for the data-bus being impeded, as I was able to forensically identify on-site, the central station would have received an alarm condition from the systems communications path, which was a wireless radio alarm transmitter.

Anyone suggesting that the data-bus wiring in the attic of a home or business or in the walls of the premises, will not be damaged and/or is not susceptible to fire damaging it before a smoke detector in the footprint of the home can activate the alarm system, is basing it on erroneous assumptions.

Undeniably, smoke detectors can only detect the visible and invisible particles of combustion that reach the detector, and since the data-bus wiring which is installed throughout the premises attic, and in the walls of the premises, creates a barrier from smoke reaching a common area smoke detector, the risk is not only foreseeable but it is an unacceptable danger which needs to be addressed. 

It is important to note that Veteran Alarm System Industry Attorney Micheal Revness of Kurtz and Revness, was asked to provide an independent legal analysis and opinion regarding the issues identified, as it relates to equipment manufacturers, alarm companies and system integrator's, to the extent that the data-bus wiring accidentally becomes shorted out by a fire, or otherwise, and/or to the extent that an intentional short occurs on the data-bus wiring by an intruder. Notably, Mr. Revness was not paid by Zwirn Corporation for this legal analysis or opinion.

Against the foregoing backdrop, the legal opinion letter which Attorney Revness provided unilaterally supports the criticality of the Interceptor being provided as an add-on device to any alarm system, or for the Interceptor technology to be incorporated into all control panels which are manufactured today. 

Certainly, if any member has questions regarding the Interceptor I am glad to respond either through jeffzwirn@alarmexpert.com or through this IPVM portal.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, FACFEI, CHS-IV, SET, CCI, MBAT  Zwirn Corporation

1-800-353-0733

 

 

 

 

(1)
(1)
Avatar
Brian Rhodes
Jan 08, 2018
IPVMU Certified

Thanks for the comment.

(1)
U
Undisclosed #2
Jan 08, 2018
IPVMU Certified

Jeffery, are you claiming that the on-board dialer serial device is essentially wired in parallel with the keypad, and thus rendered inoperative when the keypad is shorted?  Or is it that the power is shunted, starving the uart/dialer from working?

JZ
Jeff Zwirn
Jan 09, 2018

No. Please see the attached documentation on the Interceptor. 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT

(1)
U
Undisclosed #3
Jan 08, 2018

"...to the extent that the data-bus wiring accidentally becomes shorted out by a fire, or otherwise, and/or to the extent that an intentional short occurs on the data-bus wiring by an intruder."

what percentage of identifiable shorts were attributed to fire vs intentional shorting by an intruder?

I ask because I think you only add the 'and/or' clarifier for dramatic effect. i.e. nobody intentionally shorted any panels.

(2)
JZ
Jeff Zwirn
Jan 09, 2018

I have already answered that question in my response to another member. Please review same. There is no dramatic effect here, except what will happen if the control panel set does not have the Interceptor installed or if its technology is not part of or incorporated into the control panel.

To the contrary of any concerns about the risk, my expert opinions are based on forensically investigating cases and claims since 1980 and nationally. Be that as it may, with regards to alarm.com, Alarm Net Radios, and others; during the time that this equipment became available to the marketplace, is when I started seeing this problem with both accidental and intentional attacks on the data-bus. For clarity both of these referenced radio manufacturers provide good equipment, but this control panel defect unacceptably impairs their ability to function reliably during an emergency and in the circumstances noted. Both alarm.com and Alarm Net Radios are the respective owners of their trademarked names. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT, President Zwirn Corporation

(1)
JZ
Jeff Zwirn
Jan 08, 2018

Please look at the attached schematics. The focus is not what is connected to the phone line such as a DACT; it is when an alarm company utilizes a GSM, CDMA, or HSPA Wireless Radio Alarm Transmitter for Central Station Communications "only" for the Central Station Communications Path.

The majority of the technical community of the alarm industry is not connecting to phone lines for many reasons, including line cuts and VOIP, ergo the popularity of ALARM NET and ALARM.COM has exploded, and rightfully so. 

JDZ

Zwirn Corporation

 

(1)
U
Undisclosed #2
Jan 08, 2018
IPVMU Certified

The majority of the technical community of the alarm industry is not connecting to phone lines for many reasons...

I was just asking because mine does and the article talks about the system being prevented from ‘dialing out’ at the top.

Even though the industry is moving/has moved away from on-board dialers, do the boards still contain the functionality typically?

UI
Undisclosed Integrator #4
Jan 09, 2018

Is there any verbiage for UL installations about the protection of the databus wires? (not including keypad tamper)

Ive seen a movie/show or two that had people breaking in and disabling the system from behind the keypad but I always thought it was fake. 

JZ
Jeff Zwirn
Jan 10, 2018

Thank you for your feedback.

UL does not address and/or test for an accidental and/or an intentional short on the control panels data-bus to see if the control panel and all equipment connected to it will be negatively impacted. Clearly, if they did, the control panels referenced, and others not referenced, would instantly fail during this test methodology. Similarly, there is no keypad tamper requirement in UL 681, UL 1023 or in any UL Standard which I am aware of.

There is nothing fake with intentional attacks by the criminal element onto the data-bus wiring of an alarm system. They do not happen everyday, but this attack method has happened across the country, and the Interceptor electronically protects against this vulnerability, plus it makes the alarm system safer for data-bus wiring being impeded by fire.

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

(1)
(1)
U
Undisclosed #5
Jan 09, 2018

I can't speak to the alarm bus issue, but the latest building code in DC can be interpreted to require certain sections of emergency responder radio systems (emergency DAS) interconnect cabling to be two-hour rated.  One could argue this requirement should be limited to the donor antenna cable and backbone, but the code isn't clear.  In any case, code officials are thinking about fire compromising emergency systems.

Avatar
Brian Rhodes
Jan 09, 2018
IPVMU Certified

That's interesting.  How is this pragmatically satisfied?  Intumescent filled rigid conduit for all cables?

U
Undisclosed #5
Jan 09, 2018

Just as one would handle anything else that requires the same rating, like a typical 2-hour shaft wall or demising wall. I don't really get into specifying things like that but the most practical methods seem to be building a two-hour rated drywall enclosure around the conduits, or encase them in concrete.  

U
Undisclosed #2
Jan 09, 2018
IPVMU Certified

Thanks for the heads up, Jeff.

Its time that I replace this anachronism anyway.

Should be fine with SimpliSafe, right?

DR
Dennis Ruban
Jan 09, 2018

These days we use more and more  alarm panels that work over ethernet or smart-home controllers with wireless sensors. Serial communication, slow, vulnerable, non-encripted shall stay in 20th century

LT
Larry Tracy
Jan 09, 2018

Jeff

I would take it that you have raised this issue with UL and ETL and that given the safety concerns, listings of the listed control panels with this vulnerability are being reviewed/ pulled? Also sounds like UL needs to modify their own standards for approval of control panels? 

(4)
JZ
Jeff Zwirn
Jan 10, 2018

Larry: 

Thank you very much for your message.

I am in the process of getting my message out and yes UL, ETL, and the NFPA have to recognize that things are getting missed by equipment manufacturers. Given that, and in my opinion, in 2018, we can do much better to make alarm systems safer, and the Interceptor and/or its technology do just that. 

Respectfully submitted,

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

(1)
U
Undisclosed #2
Jan 09, 2018
IPVMU Certified

Jeffery, if one connects a landline to the on-board autodialer, in addition to the dual diversity communicator on the databus, will this mitigate the risk associated with the unprotected databus?

For some people at least, that could be a less expensive route than the Interceptor, yes/no/?

U
Undisclosed #3
Jan 10, 2018

ok, I'm going to ask the question that everyone reading this thread is apparently too skerred to ask....

"CPP, CFPS, CFE, FACFEI, CHS-IV,P SET, CCI, MBAT"

Jeffrey, do you ever forget one of the many 'after the name' identifiers in your signatures to most of the posts in this string - or do you use a macro that automatically adds all those identifiers every time you sign off on a post?

Secondly, if most people have no idea what most of those things even mean, what is the reason for using each one of them every time you post in this forum?

 

(1)
(1)
(3)
U
Undisclosed #2
Jan 10, 2018
IPVMU Certified

Secondly, if most people have no idea what most of those things even mean, what is the reason for using each one of them every time you post in this forum?

Agree. 

Clearer would be :

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burlgar Alarm Technician

Though his middle initial could be expanded as well ;)

(1)
(1)
(2)
JZ
Jeff Zwirn
Jan 11, 2018

Thank you for your comments regarding the acronyms after my name. In my formal correspondence I do add footnotes to identify what the credentials indicate.

I trust that any questions regarding same would be answered by going to my company website at alarmexpert.com or by contacting my offices directly at 1-800-353-0733

Respectfully submitted, 

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burglar Alarm Technician

(1)
(1)
JH
John Honovich
Jan 11, 2018
IPVM

Jeff,

My suspicion is that people are not questioning whether you have those credentials but why you feel the need to keep displaying them. For example, you have listed them 10 times in this discussion. I think it's overkill. Also, for me, your persuasiveness will be based on the strength of your arguments presented not whether you have enough or good enough credentials.

(6)
(3)
U
Undisclosed #2
Jan 11, 2018
IPVMU Certified

But an alarm system with that kind of redundancy would be killer...

(2)
JZ
Jeff Zwirn
Jan 11, 2018

John I am glad to take the credentials off after my name, I truly did not realize that this was an issue.

At the same time I will never respond anonymously.   

In my opinion, the persuasiveness of the arguments should be based on the persons education, skill, knowledge, training, experience and credentials, and of course, the argument itself.  Otherwise, the foundation of where the person derives their information from may be moot and is generally not defensible. 

Surely, credentials count in the alarm industry and in many other professions.   

Best 

Jeffrey Zwirn, President, IDS Research and Development, Inc.

(1)
JH
John Honovich
Jan 12, 2018
IPVM

Surely, credentials count in the alarm industry and in many other professions.

 

Let's put aside for a moment whether credentials should or should not count. The reality is, as the response from the alarm manufacturers and many professionals on this site have been to your product, credentials do not matter enough to sell your product.

My point to you is that you should try to find ways to be more persuasive. Understand the concerns, find ways to provide evidence to overcome and convince them. I am hoping that you take this as constructive feedback because I do think you can better achieve your goals by focusing on increasing the persuasiveness of your case and marketing.

 

(3)
JZ
Jeff Zwirn
Jan 16, 2018

Thank you for your feedback. The Interceptor is selling and I look forward to my invention helping save lives and minimizing property loss.

(1)
CH
Corbin Hambrick
Jan 11, 2018

...REALLY?  You people have a problem with someones thread signature including their credentials?

 

...is THIS where we're at in the alarm industry...that we're that jaded by someone having their credentials in their signature.

sad

 

Corbin Hambrick, ABCD, EFG, HI, JK, LMNOP

(1)
(1)
(3)
U
Undisclosed #3
Jan 11, 2018

1.  My question was made in jest - but John is right... I joked about it because it seemed odd to me that he felt the need to add the identifiers every time he posted.

2.  You don't need to even 'sign' posts to begin with - we know who you are cuz your name begins each post you make.

(1)
DR
Dennis Ruban
Jan 10, 2018

Finally good question, so many new useless abbreviations :)

(1)
(1)
JZ
Jeff Zwirn
Jan 11, 2018

Dennis: 

Thank you for your comments. I do not consider credentials useless unless the person looking at them does not know their value as it relates to the persons recognized expertise in part. By way of example. as you probably know, SET, is from NICET for their Level IV Fire Protection Engineering Technology / Fire Alarm Systems Credential. Certainly, authorities having jurisdiction and industry professionals recognize the NICET Level IV value in successfully achieving same and so do many others. 

Respectfully submitted,

Jeffery D. Zwirn, Certified Protection Professional, Certified Fire Protection Specialist, Certified Fraud Examiner, Fellow of the American College of Forensic Examiners, Certified in Homeland Security-Level IV, Senior Engineering Technician Level IV Certified in Fire Protection, Certified Criminal Investigator, Master Burglar Alarm Technician

 

 

(1)
U
Undisclosed #5
Jan 10, 2018

As a former home automation programmer/engineer, I have some history integrating with alarm panels.  Often this is/was done via an RS-232 interface that hangs off the alarm system RS-485 bus.  There were time when the control system could lock up the panel or put it into fault by misconfiguration or particular commands not supported by the panels firmware.  Alarm integration was always something I strongly advised the client or integrator not to do because of the life safety aspect.  More recent panels often integrate via Ethernet and are more sophisticated in their handling of integrated third-party devices but it still makes me uncomfortable.

(1)
(1)
LT
Larry Tracy
Jan 10, 2018

UL and NFPA set the standards for the alarm industry, if they don't address the issue I don't see dealers doing it. There are numerous ways to compromise systems many of which are not addressed by the industry or the regulatory bodies.

Having been in the sensor business most of my career, one of my pet peeves is that sensor tamper switches are not wired in the US, its mandatory in Europe. Another is I tried unsuccessfully to get the US industry to install anti masking sensors and high security magnetic contacts, 99 percent of the dealers don't care.

So while Jeffery has a great point but how many dealers are going to install this device? Without it being mandatory not a great deal in my view. Plus will the end user pay for it I can't see a dealer putting them in for free.

Then if its not an approved accessory you can't legally add it anyway. Can u imagine a  Fire Marshall's reaction to seeing this board? Sure many don't drill into that far but I have a guy who besides being the local AHJ is on the NFPA committee that writes the standards and he checks everything.

Of course the dirty secret of our business is due to mass marketing, especially in residential systems, the installer cares little about the level of security they provide as they only want the RMR.

I wonder how long the Risco device has been out and what is its sales success rate.

(1)
(1)
JZ
Jeff Zwirn
Jan 10, 2018

Dear Larry: 

Thank you again for your feedback. The Interceptor is already ETL Listed to UL 1023, UL 985, and UL 365. I would never engineer and sell a product that was not listed by an NRTL. Further, UL 864 10th Edition is also in the works for the Interceptor. 

Respectfully submitted, 

Jeffrey D. Zwirn, CPP, CFPS, CFE, FACFEI, CHS-IV, SET, CCI, MBAT, Zwirn Corporation

(1)
CH
Corbin Hambrick
Jan 11, 2018

Larry,

"Another is I tried unsuccessfully to get the US industry to install anti masking sensors and high security magnetic contacts"

What are anti masking sensors and high security magnets and how do they work?

LT
Larry Tracy
Jan 11, 2018

Anti masking sensors detect anything that is put on the face of the detector to stop it from seeing a intruder. Bosch had these.

balanced high security contacts are made by a number of companies Interlogix is one. These will detect a magnetic taped over the contact during the daytime to defeat the contact from giving an alarm when the door is opened at night. 

CH
Corbin Hambrick
Jan 11, 2018

I certainly understand anti-masking in cameras but cannot comprehend how a NO/NC sensor can do that.

Likewise I still can't grasp the balanced high security contact and will have to research that too.  I'm guessing that you have to "calibrate" it at it's normal closed state and that it will detect stronger magnetism outside of that calibrated range?

Avatar
Ari Erenthal
Jan 11, 2018
Chesapeake & Midlantic

This article explains motion detector anti masking. 

Avatar
Rueben Orr
Jan 11, 2018

Balanced high security contacts will not always detect a magnet taped over the high security contact if their core technology uses reed switches. Once you know the polarity of the reed switches then you can easily defeat them. A compass from a box of Cracker Jacks will tell you what you need to know. Ask Magnasphere for a demo of how they defeat the Sentrol 2707A. Here is the link to video.

http://magnasphere.com/press/video/magnetic-defeat-of-a-ge-sentrol-2707a/

Even though the video doesn't show it, in order to know which way the three magnets should face, he uses a small plastic compass on the magnet that faces the contact that I think actually did come from a box of Cracker Jacks...

Not that Magnasphere needs me to do any commercials for them, but its nice to know someone has built something more secure than a reed switch. The counter point to Magnasphere is that they are a bit more expensive (ok alot more when it comes to High Security Level 2) and they have to be installed with an excruciatingly small gap, but low cost and convenience are seldom associated with real security.

I'm interested to see how the keypad and serial bus holds up to shorts with Bosch. DMP supervises their keypad and LX bus and if the system is armed and you short the LX bus then you will cause an alarm on all connected zones and if you short the Keypad bus then you will cause that keypad to stop working, but not the panel. If you short keypad power then you can take out all of the keypads that share that power from the panel, but the panel will keep right on working.

Personally, I believe with proper system design, and installing the right equipment the right way (still amazes me that so many people who sell alarm systems have never read UL681) along with proper monitoring and supervision, what this product "fixes" is inconsequential. Then again, most people who use an alarm were looking for a "free" or low cost system and have no standards or insurance requirements to be met, so they probably have one of the panels that could be defeated by shorting the data connections. 

(1)
CH
Corbin Hambrick
Jan 11, 2018

I hate to admit it but I am one of those who've never read UL681.  I didn't even KNOW about it.  ...surprised that Texas licensing didn't mention anything about it when getting my license.  ...or at least it didn't mention it boldy enough for me to grasp that I needed to read and understand it.

I have it bookmarked and will be doing some exciting reading this weekend.

JZ
Jeff Zwirn
Jan 11, 2018

Many in the alarm industry have not read UL 681, because it relates to          UL Certificated Burglar Alarm Systems. However, it contains important information for everyone in the alarm industry who installs mainly commercial burglar alarm systems. 

Respectfully submitted

Jeffery D. Zwirn, President, Zwirn Corporation

Avatar
Ari Erenthal
Jan 12, 2018
Chesapeake & Midlantic

[Disclosure: I am a rep for Bosch intrusion products.]

I'm interested to see how the keypad and serial bus holds up to shorts with Bosch.

The power line on the serial bus is protected against shorts. Points connected to the shorted serial bus go into trouble. 

Sorry I didn't see this question earlier. 

(2)
CH
Corbin Hambrick
Jan 11, 2018

1.  Wow. I'm surprised to see the pushback here.  As a licensed security pro I take my customer's security very seriously (as if I'm protecting my own family).  I know it's probably human nature to be averse to change and I know it seems a bit of a conflict of interest for Jeffrey to not only find the flaw but be selling the fix, but this information concerns me greatly...especially since I install the Concord 4 panels--with only a few being used for fire in addition to burg.  ...and given Jeffrey's purported expertise (I've not confirm but will assume at this point it's accurate) would think people take him more seriously.

2.  Jeffrey, I have questions for you.

The alarm.com panels specify that the power (red wire) for the module be wired directly to the system battery and include the parts to do so.  Likewise when a sensor is "activated" (such as would be caused by breaking in) the alarm goes into alarm mode and waits for a valid disarm code.  If it doesn't receive a valid disarm code within the configured amount of time it goes into alarm.  I think this is referred to as smash and crash protection

So:

A. Since the modules 12v is coming straight from the battery does that negate the ability to short it as you describe?

B. Wouldn't this smash and crash feature negate the ability to get away with shorting it too?

C. I get that this only addresses half of your argument though and that a fire could still cause a problem because even though the module is powered by the battery, and could report trouble it might not be able to accurately report a fire (if the panel is being used for fire).  Is that an accurate statement?

D.  Is your assessment based on empirical evidence having done some in-lab testing to confirm what you're interpreting out in the field?

E. If so did you ever make any videos that can be shared?

(1)
Avatar
Peter Giacalone
Jan 11, 2018

It all made sense when I first read this, it made a lot more sense when I witnessed a demonstration at ISC last year.  What doesn't make sense is why the manufacturers are not including this technology n their existing products.  I can't imagine that building this in would add any great cost while providing the protection they tout..  Thanks for pointing out this serious vulnerability!

(1)
JZ
Jeff Zwirn
Jan 11, 2018

Thank you for your feedback. 

(1)
CH
Corbin Hambrick
Jan 11, 2018

My guess is that many mfgs will start QUIETLY building it into their products.

They just don't want to admit that millions of their products in the field have this liability due to the potential litigation it would open them up to.

(1)
JZ
Jeff Zwirn
Jan 11, 2018

Not knowing or knowing about this serious control panel defect is completely unacceptable, if no one does anything about it.

Its time to make alarm systems safer and my invention just does that.  

Jeffery D. Zwirn, President, Zwirn Corporation.

(1)
U
Undisclosed #2
Jan 11, 2018
IPVMU Certified

Its time to make alarm systems safer and my invention just does that.

Invention.  Patent Pending?

JZ
Jeff Zwirn
Jan 13, 2018

Yes. 

(1)
CH
Corbin Hambrick
Jan 11, 2018

Jeffrey,

In your piece you shared two panels that are obvious targets, and information about others.  I don't want to take the time to go look for that but other then the two mentioned Honeywell Vista and Concord 4, do you know of others that specifically are open to this potential?

JZ
Jeff Zwirn
Jan 11, 2018

Dear Mr. Hambrick:

Thank you for your support of the Interceptor and Making Alarm Systems Safer. Kindly consider the following:  

Please go to my website at alarmexpert.com to review and verify my education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials.

The alarm.com radio requires that the data portion of the radio be connected in parallel to the data-bus wiring (which is installed throughout the home or business under most circumstances), so the power for the alarm.com radio being connected to the control panels backup rechargeable battery does not change this serious control panel defect, since data for a radio without power or power on a radio without data, renders the alarm.com radio instantly useless. Given that, this mission critical part of the system will instantly fail. Imagine telling your subscriber about this system vulnerability.  What do you think would be their reaction? Indeed, this is the only part of the alarm system which is not electronically supervised in the event of a short on the data-bus, but it is the most important part, due to what is required to connect to the data-bus in parallel.

With regards to crash and smash feature, (if it is enabled) it works for the exit/entry delay door, when the alarm system is armed, and the entry door opens since the opening of the door sends a signal through alarm.com to a cloud where it is held unless the alarm system is disarms by an authorized user. If the alarm system is not disarmed, or the control panel is attacked, alarm.com transmits a signal to the central station through its crash and smash feature.  Therefore, this feature may help to protect against an intentional keypad data-bus wiring attack. However, most alarm companies who I have spoken to advise their central station to handle this signal as a trouble condition or it’s a log only event. Clearly I do not agree with this methodology.  

In any event, and even with the crash and smash detection feature, any fire accidentally attacking the data-bus wiring will instantly shut the system down and NO signal will be transmitted to Alarm.Com and/or to your central station. Please note that in order for the smash and crash feature to work, the alarm has to be activated, such as opening an exit/entry door. Despite that, fire attacking the data-bus wiring does not trigger the alarm system first.

By way of further example, let’s assume that a fire starts in an attached garage of a home and eventually burns its way into the premises.  Located in close proximity to the exit entry door is likely going to be a system keypad. Once the data-bus wiring to that keypad or the keypad itself is attacked by the fire, the system will be rendered non-functional, because all of the mission critical devices such as an alarm.com radio and an external dual diversity radio receiving unit, will instantly shut down.

Once again, and under these foreseeable scenarios, no alarm has been detected by the control panel set as of yet.  The same technical fact pattern holds true if this happens to any part of the data-bus wiring or to the power output wiring which connects to the data-bus loop in the attic of the home or if a fire attacks the data-bus wiring in the wall of the home. That said, no alarm will be activated and once the data-bus wiring is shorted out, all of the mission critical devices will instantly fail.  

  1. Since the modules 12v is coming straight from the battery does that negate the ability to short it as you describe? NO.
  2. Wouldn't this smash and crash feature negate the ability to get away with shorting it too? Maybe and if enabled, and depending on the situation. Despite that, this feature is meaningless against an accidental fire attacking and shorting out the data-bus.

With regards to my expertise and qualifications, please go to my website at alarmexpert.com to review my specialized education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials. In addition, I have been qualified by courts as being qualified in the forensic study of alarm systems

  1. I get that this only addresses half of your argument though and that a fire could still cause a problem because even though the module is powered by the battery, and could report trouble it might not be able to accurately report a fire (if the panel is being used for fire). Is that an accurate statement?

 Yes. With this in mind, you will get NO alarm or trouble signal at the central station, because the data-bus is shorted out. It is like connecting an alarm.com radio and not connecting the data portion of the radio to the data-bus of the control panel set.

  1. Is your assessment based on empirical evidence having done some in-lab testing to confirm what you're interpreting out in the field?

Yes. Furthermore, I have been forensically investigating alarm systems cases and claims nationally since 1980, being 38 years, and during the germane periods of time, I have personally witnessed alarm systems failing due to accidental and intentional attacks on the data-bus.

Please also see www.interceptorprotectedcom .

E. If so did you ever make any videos that can be shared? I am glad to upload a video or send you one. Notwithstanding the foregoing, you can easily verify my forensic finding by looking at the attached schematics and/or by setting up a Concord IV and an alarm.com radio. This equipment is good. However, with the Interceptor it makes the alarm system safer. Otherwise, each of your subscribers to an unacceptable risk which poses liability to your alarm company and to the respective equipment manufacturers. Please see the link in the IPVM article to a legal opinion letter by Veteran Alarm Industry Expert Attorney Michael Revness. Mr. Revness did not receive any compensation from me or any of my companies to provide his opinions regarding same. 

Respectfully submitted, 

Jeffery D. Zwirn, President, Zwirn Corporation

(1)
CH
Corbin Hambrick
Jan 11, 2018

Jeff,

It looks like I have to sign up with yet ANOTHER new distributor to acquire your product.

Maybe you could get this into more national distributors to make it easy on some of us.

(1)
JZ
Jeff Zwirn
Jan 11, 2018

Balanced alarm contacts and anti-masking motion detection is industry standard for high-risk, high burglary exposure premises and in many other applications.  In addition there are also Magnasphere contacts; which are designed for high security applications and in one of their tests, Magnasphere outperformed balanced contacts, in that the balanced contacts were able to be bypassed unlike the Magnasphere products.

Please look at the Bosch product line, Potter now Amseco, plus Honeywell, are other resources as well to learn about same. 

Respectfully submitted,

Jeffery D. Zwirn, President, Zwirn Corporation

(1)
JZ
Jeff Zwirn
Jan 12, 2018

To All: 

Notwithstanding whether or not you agree that the Interceptor makes alarm systems safer or not, or if the risk is foreseeable or not, I ask the following questions and look forward to your responses. 

If you install Honeywell and/or Concord Control Panels and fire damages the data-bus wiring of the control panel set, and as a result your system fails, as elaborated to in the technical specifications which I have shared with you on the Interceptor; what is going to be your defense in a lawsuit. I ask the same question as it relates to an intentional attack on the data-bus wiring as well.

Foreseeable Deposition Questions Against Equipment Manufacturers, Alarm Company's, and their Employees who Do Not Offer and Use the Interceptor, when any of their subscribers suffer a fire loss and/or a burglary loss whereby the data-bus wiring of the control panel set is either accidentally or intentionally shorted out.

Is there any way that you could have technically protected the data-bus wiring of the Honeywell Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred? 

Is there any way that you could have technically protected the data-bus wiring of the Concord Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred?

Prior to the Plaintiffs loss, were you aware that the data-bus wiring on the control panel was vulnerable to an accidental or intentional attack, which would instantly render wireless radio alarm transmitters and external wireless radio receivers non-functional? 

How is important is reliability on a burglar alarm system? 

How is important is reliability on a fire alarm system? 

How important is reliability on a burglar and fire alarm system? 

Would you ever knowingly recommend and install any alarm system if it contained an unprotected vulnerability on its data-bus? 

Was there any product on the market either when you sold the alarm system or after you sold the alarm system which is designed to protect the data-bus wiring? 

Did you ever offer this technology to your customer before they suffered the loss in this matter? 

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

If any of these questions make you feel uncomfortable and they should, as to anyone not taking the criticality of the Interceptor seriously, or any other product that address a dangerous vulnerability and as a result, protects and/or fixes the problem, then you need to rethink you position, because these questions are just the beginning of what will likely be exposed by opposing counsel in a lawsuit against you and your company and the equipment manufacturer.

 

Respectfully submitted, 

 

Jeffrey D. Zwirin, President, Zwirn Corporation 

 

(1)
(2)
U
Undisclosed #2
Jan 12, 2018
IPVMU Certified

Was there any product on the market either when you sold the alarm system or after you sold the alarm system which is designed to protect the data-bus wiring?

Is there any way that you could have technically protected the data-bus wiring of the Honeywell Control Panel which you recommended and sold to the Plaintiff in this case before the fire or burglary occurred?

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

Are you kidding me, Jeffrey?

Are you working with prosecutors to insure these “foreseeable questions” are asked?

Nice technique...

(3)
(1)
(1)
CH
Corbin Hambrick
Jan 12, 2018

I guess I'm coming from a different angle or something.  I don't get all the push back.

Jeffrey is trying to explain what he's seen in the field.  I'm taking this as him sharing what he's found and what he shares in his forensic reports that the prosecution would then be able to use to go after us.

Yes he's selling something, but do you not take this seriously or something?

I sell Concord 4 panels so I'm definitely concerned.  Fortunately I only have a few panels that have fire zones and I don't see the burglar issue as very probable since we have the smash and crash on ours via alarm.com module.

Regardless, I'm taking steps to properly inform my customers and deal with this.

Likewise I've been looking at moving away from Concords potentially anyway but this certainly adds one more reason to do so.

(1)
U
Undisclosed #2
Jan 12, 2018
IPVMU Certified

I guess I'm coming from a different angle or something. I don't get all the push back.

Jeffrey is trying to explain what he's seen in the field. I'm taking this as him sharing what he's found and what he shares in his forensic reports that the prosecution would then be able to use to go after us.

It’s a bit heavy handed to imply that now because you read his posts about the manufacturer defect, but didn’t get your client to sign a waiver on buying his Interceptor (referenced by name), you are likely exposed to liability.

(1)
(1)
JZ
Jeff Zwirn
Jan 13, 2018

If you do not pay attention to LIABILITY it will pay attention to you. 

The issue here is security and life safety not that I invented the Interceptor. 

Similarly, encrypted wireless is another liability whether you know it or not, to the extent that an intruder under this fact pattern can use an SDR to intercept and shut down wireless control panels that are using 1980's technology.

It would be considered an omissions case to the extent that you failed to disclose that material fact and I have been involved in being an expert for more than one litigated case regarding same. 

My goal here is to tell you what you might not know and help better protect your customers, help you minimize liability for your company and for you as well. You can disregard this advice but you do so at your own peril. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation. 

(1)
Avatar
Ethan Ace
Jan 12, 2018

Corbin, I worked with commercial intrusion systems for over a decade before joining IPVM and I'll tell you my take on this, and why I have pushback to the Interceptor.

All of these scenarios of data bus destruction are plausible. Totally. 100% I believe could happen. If I were selling commercial systems I'd absolutely include this on a proposal and use it to show that I'm more expert than the next guy. Same reason I started using Magnasphere after talking to them. It's an extra measure of protection that could stop specific attacks.

However, my problem is that I see no evidence that these attacks are common. I have never heard anyone mention them other than in this thread. I haven't seen any sort of statistics showing how often it happens. It's like the blanket statement "Criminals are getting more sophisticated all the time", except when you read reports most burglaries are simply still someone breaking a window, kicking in a door, etc.

So I think it's heavy handed to claim that every system needs this without that information. If it's true, back it up with stats showing how common it is. But if it's, let's say, 5 incidents out of every 10,000, you're increasing system cost greatly (burg panels are cheap!) for a 0.05% chance.

It's the same reason the industry hasn't switched to all balanced contacts or Magnasphere. Because the number of incidents in which an intruder used a magnet to defeat a contact are small. They may be high profile because of their sophistication and rarity, but still small.

I won't knock anyone taking steps to inform their customers that this is a possibility and selling the Interceptor. I just want to see the numbers before agreeing it should be a ubiquitous device.

(3)
JZ
Jeff Zwirn
Jan 13, 2018

Ethan: 

Thank you very much for your feedback. Just because you are not familiar with something, does not mean that it can be disregarded. The risk is real and in 38 years of forensically investigating alarm systems nationally I do not need stats to help save lives and minimize property loss. Similarly, stats will not negate your liability, nor can they save your customers life or their property    if there is an allegation that your alarm system failed under the fact patterns presented. Are you saying that your defense is going to be that you have no liability because the statistics protect you?  Please do not be that person or get legal advice before you take that untenable position. 

If you knew tonight that an intruder or a fire was going to happen in your home you would do everything in your power to protect your family and your assets, but of course we cannot put any stats on this potential to determine if we are next, and if the alarm system fails, as I have seen time and time again under this scenario the risk is extremely high to you and your company.

 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

(2)
U
Undisclosed #3
Jan 13, 2018

Jeffrey,

To this point I have just tried to lighten up the thread with jokes that only I find funny I am sure... but I think that Ethan posted a very reasonable and well-supported position statement regarding your claims.

...and yet you continue to (effectively) use the same marketing tactics that door-knocker alarm system sales teams use when showing all the local houses that have been broken into on their maps that they immediately display if they get someone to open the door.

I also agree with Mr. Karas that you might benefit from a professional marketing provider.

Why haven't you approached the regulatory side with your life-saving invention?  Or have you, and they yawned?

I am all for saving lives - and if your invention (that you are understandably passionate about) is the critical missing piece from commercial and residential alarm boards, then why don't you try and license your (patented?) invention to manufacturers?

(2)
(1)
JZ
Jeff Zwirn
Jan 14, 2018

Thank you very much for your feedback. The Interceptor has been well received and the process has been on-going to currently sell the Interceptor and license the technology.

In addition, this process includes educating AHJ's and other entities about what the Interceptor does, and why it is so mission critical for alarm systems.

As to my input in this forum, it is to be responsive to all comments.

The Interceptor is listed by ETL and is patent pending.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
JZ
Jeff Zwirn
Jan 13, 2018

It is common practice for forensic experts to assist counsel in their questioning of deponents. No kidding. This is equally important for both Plaintiffs and Defendants who I have worked with since 1980, including a profusion of alarm companies and equipment manufacturers who have retained me. 

Having said that, the salient point is can you answer the questions? 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
U
Undisclosed #2
Jan 13, 2018
IPVMU Certified

Can you provide one actual case where an Integrator was found liable for a databus failure?

Thank you.

UI
Undisclosed Integrator #8
Jan 26, 2018

Answer, I am aware, it was not an approved option by the manufacturer who listed this system in accordance with UL as appropriate. It is still not an approved option by the manufacturer and yet the system is listing by the national test lab without this device, for the intended purpose I sold and installed it.  The addition of this device may have voided the warranty of the original system. 

(1)
JZ
Jeff Zwirn
Jan 26, 2018

That is not the issue at all. The Interceptor is ETL listed to be connected to any control panel which is UL 1023, UL 985 and UL 365. I know I serve on 22 UL technical committees and received my first UL Listing in 1984.

(2)
JZ
Jeff Zwirn
Jan 16, 2018

Plaintiffs Lawyers are already very well equipped to focus on foreseeability questions.

(2)
Avatar
Brian Karas
Jan 12, 2018
IPVM

Foreseeable Deposition Questions 

Why are these "foreseeable"? Do you think a court would accept that databus failures are so common and foreseeable that alarm installers should consider them to be an almost expected point of failure/weakness?

Also, should installers be expected to offer the customer every conceivable form of additional protection? What about using armored cable, heavy gauge cabinets, etc?

When many installers do not even put EOL's at the end of the line, and do not seem to face legal liabilities for it, why is it "foreseeable" that they will have been expected to be aware of your product and accept that it should be offered? 

How are these alarm panel manufacturers staying business, and avoiding liabilities, for so many years without addressing this issue themselves? It is not like they could not solve the problem in the panel if they wanted to, but the additional cost is seemingly not justified. 

 

(2)
(1)
JZ
Jeff Zwirn
Jan 17, 2018

Brian:

In follow up to your question kindly find the following: 

When many installers do not even put EOL's at the end of the line, and do not seem to face legal liabilities for it, why is it "foreseeable" that they will have been expected to be aware of your product and accept that it should be offered?

Under separate cover I forwarded an article to you that was published about one of my forensic cases in Security Sales and Integration Magazine, whereby a woman was murdered when her alarm system failed as a result of an end of line resistor not being properly terminated. 

Kindly post it for all persons to read. 

It is foreseeable that both normally closed and normally open protective loop circuits can become impaired and regardless of whether this was accidental or intentional, without properly employing an end of line resistor (EOLR), the alarm system will “appear” to function, when in actuality the system is dangerously impaired.

It is foreseeable because this serious defect and methodology has been happening  (losses as a result of improperly terminated EOLR’s) ever since we went from double circuitry to EOLR supervision. Further, the equipment manufacturers require that all End of Line Resistors be properly terminated at each of the respective zones of the alarm system.

EOLR supervision is required as part of the UL Listing of the product and for fire, all normally open circuits shall be electronically supervised using end of line resistor supervision as well.

Therefore, equipment manufacturers of alarm systems across the US and around the world, have recognized the criticality of requiring that end of line resistors be terminated at the end of each protective loop zone of the alarm system, and both UL and ETL, who are both nationally recognized testing laboratories, require electronic supervision on all alarm systems too, since both normally closed and normally open protective loop circuits can foreseeably become impaired.

Alarm contractors and system intergrator's have certain duties and if anything makes an alarm system safer, this information becomes very germane especially after a loss to the extent that someone does not offer and/or provide same. This applies across the board to alarm technology and is not at all limited to the Interceptor technology.

Look at ADT's contract which states in pertinent part that essentially ADT has offered the customer the full range of equipment and services available and the customer made selections based on what was offered (This is not verbatim). Why do you think that this language is on the front page of the ADT contracts? 

Respectfully submitted, 

Jeffrey D. Zwirn, Zwirn Corporation 

 

 

 

 

(2)
JZ
Jeff Zwirn
Jan 17, 2018

To All: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

(2)
JH
John Honovich
Jan 12, 2018
IPVM

I ask the following questions and look forward to your responses...

Where on your contract does it reference that you offered the Interceptor to my client and that they declined it as a cost consideration?

If any of these questions make you feel uncomfortable

The "you may be liable unless you offer your client my product" line may be the most amazing sales pitch ever. You may be forgetting that you sell the Interceptor and ergo such a recommendation is an inherent conflict of interest.

That noted I do think there is a worthwhile general point. What risks do you need to disclose to your customers? There are obviously lots of risks out there, how likely do they need to be for you to have to actively and specifically enumerate them to customers? 

 

(2)
(1)
JZ
Jeff Zwirn
Jan 15, 2018

John: 

Thank you for your feedback. My responses are listed below 

The "you may be liable unless you offer your client my product" line may be the most amazing sales pitch ever. You may be forgetting that you sell the Interceptor and ergo such a recommendation is an inherent conflict of interest.

What I have forensically identified and what I offer to alarm professionals is not a sales pitch and it is also not an inherent conflict of interest, it is a technical way of helping the industry better protect their customers, and to help minimize their liability as well.

Surely, there is always going to be a cost for providing a solution. 

Please remember that I have been forensically investigating alarm systems for 38 years across the country and testifying to juries and judges as well during this time period.

Given that, my opinions for both plaintiffs and defendants alike as to identifying responsible parties and helping to minimize liability and risk, have been part of my core competence for almost four decades.

Against the foregoing backdrop, I have specialized and unique education, skill, knowledge, training, experience and nationally recognized peer reviewed credentials which are extremely germane to what I have forensically seen first hand, and know has happened, and what I know will continue to happen, ergo, that is why I designed the Interceptor. 

At the same time, if you want to call educating persons about something that has not been recognized by the alarm industry and that will help make alarm systems safer 100% of the time, as to accidental and/or intentional shorts on the data-bus and/or its wiring, and that will help minimize loss to subscribers, and risk, to the alarm company and equipment manufacturers as well, it is certainly misplaced.

Just because I invented and sell the Interceptor, does not make my recommendations a conflict of interest. In other words, if there is another product that does what the Interceptor can do and does not infringe upon my patent, than your readers can certainly seek the product out. However, there is no such product, but the risk remains.

My information about the Interceptor provides the reader with knowledge that most persons do not have, as to this serious defect, and as to what my product does. If your readers want to disregard my opinions and those of Attorney Revness, and other experts, than they do so at their own peril. Despite the foregoing,  the risk remains, and now for the very first time my invention provides a solution. I think that all products which make a product safer should be applauded.

Honeywell makes both un-encrypted wireless, and encrypted wireless control panels now. When Honeywell started marketing their encrypted control panels, that was not a sales pitch in my opinion, it was about educating their customers as to the safety and security benefits of wireless encryption over their un-encrypted wireless that they still sell to their customers. Similarly, it was certainly not a conflict of interest. 

The information which IPVM looked at, is not just about the Interceptor, it is really about any product that makes technology safer, and more specifically, alarm systems safer.

By way of yet another example, when Uplink came out with a cellular wireless radio in order to help enhance central station communications and eliminate the risks associated with a DACT, it was not a sales pitch, it was a way to make alarm systems safer, and it certainly did just that.

Furthermore, if an alarm company does not offer a radio as part of their security recommendations to a subscriber, and an intrusion occurs, whereby the intruder cuts the premises phone lines, and the alarm system fails to be able to transmit alarm signals to the central station, there have been many cases where the alarm company was found to be liable; for NOT disclosing to the subscriber the vulnerability of telephone line based central station communications. 

That noted I do think there is a worthwhile general point. What risks do you need to disclose to your customers? There are obviously lots of risks out there, how likely do they need to be for you to have to actively and specifically enumerate them to customers?

Notably, the first thing an alarm company needs to do is to get professionally drafted alarm contracts, in order to help minimize            their liability.

Believe it or not, many companies today still do not use alarm company contracts that were professionally drafted by a lawyer who specializes in the alarm industry. 

In my opinion, all alarm company documentation needs to include yes and no questions with boxes that a customer can accept or reject. Certainly this is commonplace for many industries, such as companies like Avis and Hertz that offer their customers full coverage insurance and other products that minimize out of pocket expense in the event of an accident and they also offer a customer more coverage for liability as well.

In the alarm industry yes and no questions may include additional smoke detectors, yes or no, CO detectors as to the customer being willing to buy them, yes or no, and of course, wireless radios of either the one-way or two-way type, yes or no? 

Coming full circle, no alarm company contract can ever be expected to protect an alarm company under all circumstances, and the same holds  true no matter what an alarm company does or does not do.

That being said, everything that an alarm company selects and installs, and the methodology of how they design, install, and monitor an alarm system,  plus the way in which they train and/or supervise their employees is mission critical. 

 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
U
Undisclosed #2
Jan 15, 2018
IPVMU Certified

...there have been many cases where the alarm company was found to be liable; for NOT disclosing to the subscriber the vulnerability of telephone line based central station communications.

Can you provide a few of those actual cases? 

Thanks!

(2)
JZ
Jeff Zwirn
Jan 15, 2018

Many of the cases are subsumed in the Alarm Science Manual, which is a peer reviewed book that was written by me in 2014. Notably, I do not mention the Interceptor in the book. 

In the litigated cases, once they settle there is a confidentiality order that is required by the settling party. To that end, I can never disclose the name of the alarm companies and/or their insurers who had to pay for judgments or to settle the litigated matters.  Professionals in the alarm and security industry are aware of these cases and I am as well, especially when I am retained as the alarm companies defense alarm expert witness.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

(1)
U
Undisclosed #2
Jan 15, 2018
IPVMU Certified

In the litigated cases, once they settle there is a confidentiality order that is required by the settling party.

Do you know of any cases that you were not a witness?

(1)
JZ
Jeff Zwirn
Jan 16, 2018

Sure, but they too are bound by confidentiality agreements. 

(2)
U
Undisclosed #2
Jan 16, 2018
IPVMU Certified

Sure, but they too are bound by confidentiality agreements.

How does someone else’s confidentiality agreement bind you?

In any case, the original complaint itself would be public, no?

As long as you are not revealing any private information about the case or award, why can’t you merely indicate the public record of the case?

(1)
(1)
JZ
Jeff Zwirn
Jan 16, 2018

All of the experts are required to sign confidentiality and non-disclosure agreements as well. The rationale of counsel is quite simple, they and their clients do not want the experts using what they learned in the subject case for another case in the future.

Other records which are produced through (RFP) request for production discovery, also get protected by a confidentiality and non-disclosure agreement as well, of which, is subject to court action if it is breached.

With all due respect, it is similar to responding in an undisclosed manner, the information about you etc, will not be provided. In the litigation world, there is much more at stake and many more persons involved. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
JH
John Honovich
Jan 16, 2018
IPVM

Jeff, please stop ducking. You don't need to give confidential information. All you need to do is list court case numbers for cases that are related to the vulnerability you describe. And such things are public record, e.g., PACER.

(1)
(1)
JZ
Jeff Zwirn
Jan 16, 2018

John:

This enforcement of the agreements are crystal clear. This is not a game; the court can find a person in contempt and there is no ducking.

To the extent that you want to scour Pacer please feel free to do so. 

I will not be involved in breaching the agreements which I signed and am bound by.

IPVM holds the confidentiality of its undisclosed members above all, which as you know, I strongly do not agree with.

On the other hand State and Federal Courts are the law and I am legally bound to comply with same. 

I will not debate this topic with you any longer. I have been completely responsive and if you do not like the answer; that is the law, and there is no way and no how that I am going to breach it for any of IPVM's disclosed and/or undisclosed readers.

I trust that you would never breach any of the confidentiality agreements which you sign, especially when the court is involved directly with their enforcement.

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation 

 

(2)
JH
John Honovich
Jan 16, 2018
IPVM

Jeff,

No one is asking you to disclose anything confidential. That a case exists is not confidential. Just simply share the case number(s).

(1)
JZ
Jeff Zwirn
Jan 16, 2018

John: 

No further information will be provided. That is why they call it a confidentiality and non-disclosure agreement.  Everything about these cases are CONFIDENTIAL. Please move on.  

 

Respectfully submitted, 

Jeffrey D. Zwirn, President, ZWIRN CORPORATION

(2)
U
Undisclosed #2
Jan 16, 2018
IPVMU Certified

I trust that you would never breach any of the confidentiality agreements which you sign, especially when the court is involved directly with their enforcement.

Jeffrey, I specifically asked you if you knew of any cases you weren’t involved in.  

 

(1)
JZ
Jeff Zwirn
Jan 16, 2018

John: 

I have already provided information on some of the cases and where they occurred in this email string. Company names have been and will remain omitted. 

(2)
JZ
Jeff Zwirn
Jan 15, 2018

Please read the other comments that I have made in my email communications.

(2)
U
Undisclosed #2
Jan 15, 2018
IPVMU Certified

Please read the other comments that I have made in my email communications.

Thanks, I will.

How do I get access to your email communications?

(1)
(3)
JZ
Jeff Zwirn
Jan 16, 2018

It is not my email communications which I was referring to, it is this string of communications. If you want to get a sampling of the forensic cases which I have been involved in look at the Security Sales and Integration Magazine website and type in my name, as they have written about many of my forensic cases and I have also authored articles as well. However, please do not expect to find the Plaintiffs and Defendants names in these articles.

Respectfully submitted

Jeffrey Zwirn, President, Zwirn Corporation

(2)
JZ
Jeff Zwirn
Jan 17, 2018

The case I just posted is one example of what I have been informing all IPVM members about.  Under separate cover, I will respond to your other request. 

That being said, I have learned a lot about the forensic study of alarm systems in the past 38 years. I trust that all IPVM members will recognize that this case resembles a multitude of others, with both class action claims and Plaintiffs claims.

Different alarm companies and different fact patterns but this type of litigation has been happening for decades and is not going anywhere. 

One of my goals from the beginning of my career was and is to help all alarm companies and equipment manufacturers better protect their subscribers and their respective companies from liability. Notably, this was long before the Interceptor was invented and after same, and whether or not persons use the Interceptor technology, I will always continue to these efforts.

To that end, I have been training the technical community of the alarm industry for over 30 years. Part of my training has always been to teach attendees ways to help limit alarm company liability. My newest class is called Extreme Alarm Science Boot Camp. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
JH
John Honovich
Jan 15, 2018
IPVM

Just because I invented and sell the Interceptor, does not make my recommendations a conflict of interest

Yes, it does. And your justification of why it is not one is actually proof of why it is one.

A conflict of interest, as explained by the OECD, "occurs when an individual or a corporation (either private or governmental) is in a position to exploit his or their own professional or official capacity in some way for personal or corporate benefit." This is cited and discussed by the ACFE, one of the groups you list in your certifications (see Conflict of interest GATEWAY TO CORRUPTION).

You have a professional capacity where organizations count on you to recommend solutions and evaluate risk (e.g., you tout "forensically investigating alarm systems for 38 years across the country ", "my opinions for both plaintiffs and defendants alike as to identifying responsible parties").

Now you are using that professional capacity to sell your own solution, The Interceptor. You are leveraging your capacity in one form (guidance) to gain in another form (product sales, patent licensing).

To be clear, just because you have a conflict of interest does not mean you are wrong in your recommendation. But you seriously need to recognize that you have an obvious conflict of interest and take steps to show evidence beyond your own experience.

So my positive recommendations:

  • What and how many cases can you provide where an alarm company was successfully sued for the problems The Interceptor aims to solve?
  • Who and how many other experts (who are not compensated by you) recommend deploying The Interceptor?

 

(4)
(1)
JZ
Jeff Zwirn
Jan 15, 2018

John: 

This is a follow up to my last communication to you. Can you be fully responsive to the totality of my comments? 

Thank you very much. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

(3)
JZ
Jeff Zwirn
Jan 17, 2018

John: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

(2)
CH
Corbin Hambrick
Jan 12, 2018

Jeffrey,

Do you have any data of the lawsuits say within the past 3 years or so?  ...and of that data does it show who ended up paying the price for the liability?

Mostly I'm curious if any manufacturers have had to pay out in any lawsuits, and what percentage of the damages paid came from manufacturers vs. distributors vs. dealers.

LT
Larry Tracy
Jan 12, 2018

Of course a affirmative defense is that the regulatory bodies of our industry do not require data bus protection.

why not ?

to the point just made there are many other ways to defeat security systems how far do we have to go. At some point the cost of the system exceeds how much the customer is will to pay. 

(1)
U
Undisclosed #3
Jan 12, 2018

"regulatory bodies of our industry do not require data bus protection"

case dismissed

(1)
(1)
(3)
JZ
Jeff Zwirn
Jan 15, 2018

Larry: 

Liability in forensic cases is not limited to codes, standards and regulatory bodies or to other ways that an alarm system can be defeated.  Please review the legal opinion letter from Attorney Revness which is referenced in the IPVM. article. There are also duties and inherent safeguards and omissions issues as well, but that is not all. 

Mike Revness is legal counsel to the NJ Electronic Security Association and to the Pennsylvania Burglar and Fire Alarm Association. He has represented companies as far back as when Security Link was in operation at its peak.

Interestingly, I have not seen one response from any alarm industry attorney who disputes Attorney Reveness's legal opinion letter about the Interceptor. 

Similarly, many of the persons responding are not willing to disclose who they are, which to me makes their comments suspect. In other words, if a person has an opinion that is opposing or not, they should disclose who they are, then we can see what standing they have to support what they posit, besides their mere words.   

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

(2)
JH
John Honovich
Jan 15, 2018
IPVM

I have not seen one response from any alarm industry attorney who disputes Attorney Reveness's legal opinion letter about the Interceptor.

How many total attorneys have publicly responded to Reveness's legal opinion letter? Please share links to those responses or least their names and we'll be happy to check and update the post with that.

(3)
JZ
Jeff Zwirn
Jan 16, 2018

Thank you John. No one to date has disputed Attorney Reveness's legal opinion letter and it has been widely publicized. 

(2)
U
Undisclosed #3
Jan 15, 2018

"Similarly, many of the persons responding are not willing to disclose who they are, which to me makes their comments suspect. In other words, if a person has an opinion that is opposing or not, they should disclose who they are, then we can see what standing they have to support what they posit, besides their mere words."

This is a well-worn (and in my opinion, as someone who posts Undisclosed a lot here) and uneducated position taken by posters here at IPVM.... or at least by those that are able to post what they think (without any potential repercussions to employment status).

You can 'suspect' my comments based on my Undisclosed status all you like.... however, I was hoping that you could just defend your own position without casting aspersions at those that don't possess the same luxury that you do, to post everything under their own name.

(1)
(1)
JZ
Jeff Zwirn
Jan 15, 2018

I cast aspersions on any person who comments in an anonymous manner. You do not have to agree, but this is disconcerting and is not the way I operate forensically or in any other forum. Anonymous is not well worn in the forensic world. It is unacceptable.

People in the industry that have expertise do have the luxury to speak their minds, and do just that, and this happens whether they are an employee of a company or not. I would like you to explain why you do not have the luxury to disclose who you are, so all of us could understand same. 

How could a credible and defensible opinion cause "potential" repercussions to employment status. 

 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

(2)
U
Undisclosed #6
Jan 15, 2018

Because, right or wrong, many organizations have strict policies against posting on social media using the employee's own name.

(2)
JZ
Jeff Zwirn
Jan 16, 2018

Good point. But in the organizations that I am a member of and/or serve on their technical committees such ASIS International, ESA, CSAA, NFPA, UL, ASCET and SIA, we do not operate under a veil of secrecy, nor would it ever be acceptable to act in any forum without disclosing who you are.

Any suggestion that any and/or all of these organizations are wrong in what they do regarding same is simply erroneous.

Undeniably, each of these organizations are authoritative and IPVM should consider following their recognized practices. If not, then the weight of the anonymous will always be suspect and considerably less than important then someone who posts their name and their background.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

NOTICE: This comment has been moved to its own discussion: Do Not Operate Under A Veil Of Secrecy, Nor Would It Ever Be Acceptable To Act In Any Forum Without Disclosing Who You Are.

(2)
Avatar
Ari Erenthal
Jan 16, 2018
Chesapeake & Midlantic

I'm okay with judging an argument on its merits and not on its presenter. 

(4)
(1)
U
Undisclosed #2
Jan 15, 2018
IPVMU Certified

How could a credible and defensible opinion cause "potential" repercussions to employment status.

Maybe he works for you ;)

(1)
JZ
Jeff Zwirn
Jan 16, 2018

Anyone who works for my companies is able to speak their opinion to me and/or on a site such as IPVM. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

(2)
JZ
Jeff Zwirn
Jan 15, 2018

Larry:

You wrote that "regulatory bodies of our industry do not require data bus protection" and you also added in a 4 second video clip.

However, from a legal perspective this does not dismiss the case. Once again I direct you to Attorney Revnesses legal opinion letter on The Interceptor.

To further support my position as to what creates liability, or not; many national alarm company's have been successfully sued for failure to disclose that their wireless alarm systems were not encrypted. Clearly, "regulatory bodies of our industry do not require that wireless alarm systems be encrypted" so your point is not defensible. Moreover, I defer to alarm industry lawyers, like Attorney Revness. 

Please remember that every case has a different fact pattern so you cannot take a one size fits all approach to risk and liability, and then try to hide behind what regulatory bodies do and/or do not do. I have forensically represented hundreds of alarm companies. One last example for brevity is what they require in the State of New Jersey whereby in the licencing laws it states in part that; no alarm company can do anything which endangers the welfare, safety and heath of their customers. (not quoted verbatim). This is not just about selling and/or licensing the Interceptor, it is about making alarm systems safer and any product that does just that should be supported.   

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

(3)
U
Undisclosed #3
Jan 15, 2018

"One last example for brevity is what they require in the State of New Jersey whereby in the licencing laws it states in part that; no alarm company can do anything which endangers the welfare, safety and heath of their customers. (not quoted verbatim). "

Is this is a joke?

You are conflating a positive action (doing anything that endangers the welfare, etc...) with negligence.

They are not (legally) the same thing (imo*)

*IANAL

(1)
JZ
Jeff Zwirn
Jan 15, 2018

In the State of New Jersey, alarm contracting licensing laws are a statutory duty. This is similar to other states which have alarm contracting licensing laws as well. There are also violations which can be initiated against an alarm contractor through its acts of gross incompetency as well as negligence and gross negligence. Obviously, the goal of an alarm contractor in part, is to comply with its duties and to help minimize its risk and liability.

That being said, I am one of the instructors in New Jersey who is approved by the State to teach the alarm contracting licensing laws course and I have done just that, so I have subject matter expertise in this area.  Notably, I am also a Certified and Licensed Alarm Contractor as well.

With this in mind and in any event, there is no confusion on my part. 

The liability applies to any product which you select and install as an alarm contractor and to other actions and inactions of an alarm contractor.

Again, unless you have subject matter expertise in these areas I would not expect you to understand the concepts which are commonly litigated against alarm companies. Conversely, since 1980 I have been retained as an alarm expert for defendant alarm companies across the country.

It would be helpful if you disclosed who you are and as to your alarm industry background, if any, and as to any forensic expertise, if any,      and if you are an instructor in the State of NJ, and if you are a Certified and Licensed Alarm Contractor in NJ or in any other State so all readers could see what in your background supports your comments.

To the extent that you are an employee of a company, I cannot see how disclosing who you are could ever put your job at risk.   

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation. 

 

 

 

 

 

 

 

 

 

(2)
U
Undisclosed #3
Jan 15, 2018

"To the extent that you are an employee of a company, I cannot see how disclosing who you are could ever put your job at risk."

well then, this just supports my personal theory that you are somewhat tone-deaf in certain areas outside of your personal (and credentialed) field.

I am unable to post everything I personally believe because I work (in a really low position) for a very large multi-national company.  And one of the tenets that I like to personally observe is that one must never cause harm to one's employer.

Because I am not privy to everything related to my companies position on everything, I am not free to post my own personal sarcastic comments (that I REALLY want to be able to post in response to most of your comments) - because anyone further up in my corporate food-chain could take my comments in a different way than they were intended.... or maybe even, my words were received in the way they were intended - and it still offends them somehow.

I am not willing to take that chance - even if others, like you, disparage me because of my posting as Undisclosed.

As many - besides me - have pointed out, your go-to move in the entire string is objectionable.... even with the understanding that you are passionate and a true believer in your product.

Fear is what door-knockers use to convince suburban housewives to buy their 5-yr monitored alarm contracts.  You should understand this and position yourself - and your invention - above this threshold.

You are doing a disservice to your own success by being the front man for your invention.

BRK had it right from jump street.

(1)
JZ
Jeff Zwirn
Jan 16, 2018

If you are in a low position in your company your opinion still counts. However. a low position would tend to indicate that you have limited experience. This is not about fear it is about reality. In any event, I must dispute what you posit.  As to you being unhappy that I am the "front man" of my invention, are you suggesting that I should use someone with less knowledge and experience, so someone can say that the person trying to educate about the Interceptor only has limited experience? I think not.  

What have you invented and how many patents do you have Undisclosed #3? 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

(2)
U
Undisclosed #3
Jan 16, 2018

Jeffrey,

You are a far more credentialed person than I will ever be in my lifetime... even if that were my goal.

You can continue to create paper tigers in your rebuttals - while avoiding all the things that lots of people here have commented on regarding the 'need' for your product.

I hope you achieve what you are looking to accomplish... I really do.

But I am done debating ideas if all you can fathom is your own (credentialed) perspective.

Peace be with you, and keep fighting the fight.

(1)
LT
Larry Tracy
Jan 16, 2018

So Jeff have you designed your wonder board to protect itself and the alarm panel from a HPM or TED attack? If not why not?  Under New Jersey law as you explain it you are negligent for not doing so. BTW I can tell looking at your circuit board you have not done so. 

(1)
(1)
(2)
JZ
Jeff Zwirn
Jan 15, 2018

Larry:

Thank you for your feedback. You are not looking at this from a legal perspective and as to liability.  Therefore, please review the legal opinion letter from Micheal Revness which is attached to the IPVM article. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

 

 

(3)
LT
Larry Tracy
Jan 15, 2018

Jeff

I have a great deal of experience ( sadly) with the legal system having run major manufacturing corporations in the this industry. Yes I look at everything from a legal and technical perspective.

A parallel is the automatic door industry where we made motion sensors and safety beams and got sued on the average of once a month for twelve years. In every case, that actually went to trial ( very few) the court fell back on ANSI standards which applies to the automatic door operation and technology.

In this instance, UL nor ETL or NFPA ( or Cal Fire Marshall) standards require a manufacturer to use special protection of the data bus. Honeywell, whom I ran a division for is VERY overly cautious to not get sued,. yet according to you they are shipping unsafe products. As I am a Honeywell dealer I have yet to see a tech bulletin on this subject recommending anything. Why not? What has Honeywell told you about this subject?

ADT has a few million Honeywell panels in the field what is their position on this issue?

Others have asked you:

How many cases have there been with losses to the manufacture or dealer due to data bus damages? You seem to not want to address this question????

What about all the other ways a security system could fail or be compromised of which there are many?

I just discussed this with my former corporate attorney and he has a different opinion than your guy. You line up 10 attorneys and asked the same question your going to get ten different answers. My legal conclusion, after doing a lot of talking about this, is if we use equipment approved, and installed by industry standards, by the regulatory bodies for our industry then you are not going to be held at fault. 

Even in the VERY unlikely event you were found at fault and then you have a Kirschenbaum contract which limits your liability.

When I think about the fire alarms I have installed, its going to be extremely unlikely the data bus will melt before a multitude of detectors give an alarm. One of the great reasons we put a smoke detector over the fire panel.

I must say I agree with John Honovich, you do a have conflict of interest and appear to be trying to scare everyone into using your product. But please answer his questions they are legitimate ones.

 

 

 

(1)
(2)
JZ
Jeff Zwirn
Jan 16, 2018

Larry:

Thank you for your feedback.

We agree to disagree. 

As to me educating the industry on my invention, which was a direct result of my forensic investigations nationally, what would your idea look like as to how it should be presented? 

There is no conflict of interest here, since the person receiving the information knows who invented it, and knows what their background is. Others in the alarm industry should present their products with the same transparency. Please see what one of the most respected global engineering, construction and project management companies states in their conflict of interest requirements

About Bechtel

Bechtel is one of the most respected global engineering, construction, and project management companies. Together with our customers, we deliver landmark projects that create long-term progress and economic growth.

Bechtel has established a process to review and prevent actual or apparent conflicts of interest. It provides requirements for disclosing potential conflicts of interest and the process for obtaining a conflict of interest review. It applies to all Bechtel organization and entity employees, contract labor, consultants, and others acting for the company.
 
Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

 

(2)
JZ
Jeff Zwirn
Jan 16, 2018

Larry: 

Please consider when a company installs listed versus non-listed alarm system equipment such a siren driver that is not listed or a relay that is not listed to save money, or out of ignorance.

Is it ever acceptable to allow profitability of a company and/or an equipment manufacturer and/or a central station, to override the safety and security of a subscriber to enhance their profits?  Of course it is not.

I design and install alarm systems correctly and I am unilaterally consistent with this methodology in the training that I have provided and continue to provide to the technical community of the alarm industry and in my peer reviewed book, the Alarm Science Manual. There are many peer reviewers of my book, which include, but are not limited to industry legend Ralph Sevinor and legal legend for the Alarm Industry Lessing Gold.  I am glad to send you a copy of my book if you would like to read it.

I do not know of any special protection that the Honeywell equipment has on its data-bus. Please elaborate.

The technology now exists to make many equipment manufacturers control panels safer, and if my technology was integrated into their control panels, it would accomplish that task as it relates to the control panels data-bus vulnerability. The costs would be minimal as well.

Think about it, is there any other part of an alarm system that is not supervised, except for the data-bus? The short answer is NO.

By way of example: AC input- Supervised; DC Battery- Supervised; Normally Open and Normally Closed Circuits- Supervised; Audible Indicating Devices- Supervised; Automated DACT and Wireless GSM Radios- When Monitored properly shall be Supervised by the Remote Station or Central Station.

If someone else has another invention to make a control panel safer, or any other part of a security system safer, I would not wait to blink if the technology worked as represented and yes the subscriber needs to be informed and charged accordingly.

Before the Interceptor was developed by me, there was no technology to address the Honeywell and other control panels vulnerability on their data-bus; so since the Interceptor was invented, it is germane as a solution.

The same rationale holds true as to encrypted wireless now being available from Honeywell. 

Equally important, when Honeywell offered their Lyric control panel and promoted its advanced features, was it wrong for them in your opinion to market their advancements because I do not see any difference. Without question, Honeywell's encrypted wireless is much more secure and makes the Honeywell products much safer. When have you ever heard of a successful SDR attack during a burglary on a non-encrypted wireless alarm system. 

It has happened but compared to the data-bus vulnerability from fire and intrusion, and the Interceptor, it is far removed from the same level of foreseeability. 

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
JZ
Jeff Zwirn
Jan 16, 2018

Larry 

A fire starting in an attic that attacks the data-bus is not going to be detected by a smoke detector nor would a smoke detector above the FACU be able to detect same either.

The Interceptor like many other alarm products, such as the Invention of Cell Units for Alarm Systems and CO Detectors under UL-2075, are designed to make alarm systems safer. It is not about scaring anyone, it is about trying to address a vulnerability that before now was not addressed. Remember the first generation of CO detectors without end of life warning and no trouble contacts if its electrochemical sensor prematurely failed?  

Kens contract is excellent, but no alarm contractor can expect that their contract or even Ken's contract, will always protect them no matter what they do and/or do not do. I hope that you are not suggesting otherwise. 

I would not expect that Honeywell would send out a technical bulletin on the issue at hand, and just like you, my company provides Honeywell equipment to customers, but when the non-encrypted wireless claims started to be filed against national alarm companies, for both the alarm dealers and equipment manufacturers failing to disclose to their subscribes that their wireless system was not encrypted, I still never received a technical bulletin; so I do not think it is an understatement to posit that getting or not getting a technical bulletin is a save all to create or minimize liability. 

If you have a lawyer that is willing to put something in writing I would surely like to see it. Given that, if you talk to ten lawyers you will get many different opinions, that is why I wanted  to see a legal opinion letter in writing and from an alarm industry lawyer as well; not a generalist. Similarly, in a litigated there is always an argument between the two parties, ergo that is generally a condition precedent as to why suit was filed.

A Defendant can always try to argue anything, but if someone dies or is seriously injured or suffers a loss, due to an accidental or intentional data-bus failure, it defies logic that any alarm contractor and/or any equipment manufacturer would not want to help protect their subscribers.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

(1)
LT
Larry Tracy
Jan 16, 2018

Your making an assumption that my fire alarms do not have attic protection and you are wrong, as they all do. 

Honeywell claimed for years they had encryption on their wireless albeit maybe not good enough. 

I must say having manufactured and sold hundreds of thousands of alarm panels to dealers worldwide I have NEVER heard of a data bus failure. I have heard and seen many failures due to hardware and software bugs. Does your invention inject a supervisory signal through all the components of a alarm panel to supervise for component failure? 

What are we as an industry doing about jamming of GSM radios ? I have seen this failure mode as well. Depending on when the supervisory signal is set for and transmits it could be almost 24 hours to know it has failed. I think the weakness in the GSM transmission technology is much more common than data bus failure. The cable to the external antenna is not supervised either. 

JZ
Jeff Zwirn
Jan 16, 2018

Larry: 

You asked the following question.

How many cases have there been with losses to the manufacture or dealer due to data bus damages?

I have been involved in literally hundreds and hundreds and hundreds of cases since 1980 and yes the equipment during certain time periods was different than it is today and so was the technology. Therefore, something had to be done, so I invented the solution and now it is more important than ever, as there are such a multitude of devices which are required to reside on the data-bus, it is remarkable and in my opinion foreseeably dangerous.

You also stated that; In this instance, UL nor ETL or NFPA ( or Cal Fire Marshall) standards require a manufacturer to use special protection of the data bus. 

I think what you point out here resonates with what my concerns are today with the data-bus vulnerability on many popular control panels.

One final note, the litigation and the forensics of experts today, including myself, are vastly different then when I first testified in 1980, so it is mission critical that both alarm dealers and equipment manufacturers use their best efforts in helping to best electronically protect their subscribers before any type of loss occurs. 

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

 

 

(2)
U
Undisclosed #2
Jan 12, 2018
IPVMU Certified

Apparently posting as Undisclosed reduces liability as well.

(2)
(1)
(1)
JZ
Jeff Zwirn
Jan 15, 2018

Anyone who wants to makes comments in an undisclosed fashion and wants to hide behind the fact that they could lose their job if they disclosed who they are, should state so in their comments with specificity.  In other words, mere words without a background of who these people are, as to their education, skill. knowledge, training and experience is very troubling to me. 

In fact, I have not seen one comment whereby the undisclosed person has stated why they believe that they need to be undisclosed.

Conversely, in the litigated cases which I have been forensically involved in since 1980, no one who remains anonymous can testify, nor can they be deemed credible, nor would a jury or court ever hear any of their opinions.  I think that IPVM should recognize the value of transparency and full disclosure.

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation.

 

 

 

 

 

 

(2)
(2)
Avatar
Brian Karas
Jan 15, 2018
IPVM

Jeffrey -

The rationale behind Undisclosed posters has been "asked and answered" repeatedly in the past. Undisclosed posters are not "hiding", it is a feature of IPVM that was added due to user demand and practical requirement.

Questions asked as Undisclosed are not any less valid then those asked by people disclosing their real names. When and if a person attempts to use Undisclosed to hide some personal interest, affiliation, or conflict of interest, in a topic, we call it out appropriately (not disclosing their name, but making other commenters aware of the conflict/association).

You can be assured that the IPVM admins are aware of the identities of the Undisclosed posters here and that you should consider their questions no less valuable, or suitable for response, than any other questions.

Conversely, in the litigated cases which I have been forensically involved in since 1980, no one who remains anonymous can testify, nor can they be deemed credible, nor would a jury or court ever hear any of their opinions. 

Should IPVM ever branch out into being a court system, we will keep this advice in mind. For now though, Undisclosed posts are as credible as any other post.

(2)
(1)
JZ
Jeff Zwirn
Jan 16, 2018

Brian:

I strongly dispute that you have "asked and answered" anything about allowing persons to post as Undisclosed. As you know, I am not the first and will certainly not be the last person to question same.

Think about it, UL, FM, CSAA, NICET, SIA, CSAA, NFPA, ESA and ASCET have never followed this "rationale". Are you truly saying that all of these organizations with probably millions of users are wrong? 

User demand and practical requirement are never a replacement for transparency. 

Undisclosed persons are grossly less valid than persons who disclose who they are

 

I appreciate what IPVM does, but allowing persons to comment anonymously is not helpful at all, nor is it fair to persons who disclose themselves and take full responsibility for their respective positions.

Respectfully submitted,

Jeffrey D. Zwirn, President, ZWIRN Corporation

(2)
U
Undisclosed #2
Jan 16, 2018
IPVMU Certified

I appreciate what IPVM does, but allowing persons to comment anonymously is not helpful at all...

I assume you can see, but choose to ignore the irony here; namely that anyone that would actually be concerned about being asked:

Would you ever knowingly recommend and install any alarm system if it contained an unprotected vulnerability on its data-bus?

would be better off not being named in a discussion regarding the same.

Also, considering you seem quite interested in the identity of the posters here, were something unfortunate to happen involving one of them, you might even remember their name and be able to add your direct testimony:

Given that, my opinions for both plaintiffs and defendants alike as to identifying responsible parties and helping to minimize liability and risk, have been part of my core competence for almost four decades.

...is common practice for forensic experts to assist counsel in their questioning of deponents. No kidding. This is equally important for both Plaintiffs and Defendants who I have worked with since 1980...

In short, if you are right about the risk, why should anyone make on the record statements?

(1)
JZ
Jeff Zwirn
Jan 16, 2018

Thank you for your feedback. When I identified the problem I invented the solution. Remember the saying, if you see something you should say something. Well I did just that.

(2)
U
Undisclosed #2
Jan 15, 2018
IPVMU Certified

If In other words, mere words without a background of who these people are, as to their education, skill. knowledge, training and experience is very troubling to me.

I’m not sure why my Undisclosed comments should be troubling to you. Please review again.

Overwhelmingly I have posted only questions, both technical and otherwise, with very little opinion that would require me to list my CV. 

To your credit, you have answered almost all of them promptly.

However, I cannot overlook the fact that you cannot provide (other than anonymously) Exhibit A in your presentation: Namely a judgement against an Integrator who installed an unprotected databus system.

This is key, as you return time and time again to this liability argument in your rhetoric.  Imagine if you could actually post s few actual cases with awards, that would be convincing, no?

Anyway, I would be interested in any cases regarding databus liability at this point.  Whether you were or weren’t involved, whether they were settled, Manufacturer or Integrator.  Anything.

And I have searched myself and can’t find them, though it’s admittedly tough depending on how they might be worded.  Also, I can’t find any on Ken K.’s site either.

(1)
JZ
Jeff Zwirn
Jan 16, 2018

Thank you for your response. It's interesting that you respond as undisclosed but when I tell you that these cases are settled under strict confidentiality agreements for obvious reasons, you think this is rhetoric? It is not even close.

Disclosing names would breach the confidentiality agreements and often times, court orders as well.

Location: New Jersey, a nationally recognized alarm system company settles a case for 35 million dollars due to the death of two persons. One is a doctor. The failure of the system was due to a data-bus attack by fire. 

Location: California, an alarm company and equipment manufacturer settles a case for 6 million dollars on a subrogation claim; when a fire alarm system in a household is rendered non-functional due to fire attacking the systems data-bus and no signals transmit to the remote station.

Location: St Louis, two persons are seriously injured when a fire attacks the systems data-bus and it fails to report an alarm signal to the remote station. The equipment manufacturer settles the claim for 4 million dollars.

Judgments can be public record, but in the cases that I am involved in when a judgment is rendered, the non-prevailing party often times agrees to pay the judgment in exchange for a confidentiality agreement. See Security Sales and Integration magazine for articles that I have authored and for articles that have been authored about me and the forensic cases that I have been involved in as a forensic expert. 

It is rare for any of the parties names to be disclosed and once again it is for obvious reasons. 

These are but a few of the cases. Remember, it was these and other loses that I forensically investigated which were the impetus of me inventing the Interceptor. Otherwise how I would I have gained  this technical awareness? 

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

 

(2)
JZ
Jeff Zwirn
Jan 15, 2018

I agree. Its easy for persons who are not disclosed to posit without anyone knowing who they are.

(3)
(3)
U
Undisclosed #3
Jan 15, 2018

wrong.  Undisclosed does not mean nobody knows who I am.

Every IPVM admin knows who I am.

(5)
(1)
JZ
Jeff Zwirn
Jan 16, 2018

IPVM knowing you, does not help at all for disclosed commenter's being able to evaluate who you arem and as to your core competencies, independently of IPVM.

(2)
(2)
Avatar
Brian Karas
Jan 15, 2018
IPVM

Jeff -

Considering that customers tend to have a somewhat limited overall budget, is it your position that the Interceptor is bar-none the most effective way to spend $120 with the goal of increasing the overall effectiveness and reliability of their system?

Your arguments here revolve around integrators being liable for not doing everything they could to ensure the system performs as intended, and protects the safety of its users.

Is the Interceptor a better spend of $120 than adding more door/window contacts, alarm screens, CO detectors, backup dialers, security cameras, etc?

When you posit that the Interceptor should be sold with every system with a vulnerable databus, what do you estimate the "average" system to be made up of in terms of percentage of ingress/egress points monitored, life safety devices installed/monitored (smoke alarms, CO alarms, etc.)?

If a user had to choose between having an Interceptor installed, and having a monitored smoke alarm installed (e.g.: assuming they have to choose one or the other within their budget) which device would you say has greater practical value for providing safety and security?

(3)
(1)
JZ
Jeff Zwirn
Jan 16, 2018

Brian:

Thank you for your comments. In my over forty (40) years of experience in the alarm industry,   I have found that some customers have a limited budget, and I have also found that many other customers want an alarm system which provides for real security, not just three doors and a motion detector, and by no means would these customers ever believe that they could get an alarm system of quality for free.

The Interceptor provides safety and security to the data-bus; which as you know, and until now, was not available on the control panels addressed. Comparing it to a bar-none equivalent is not the way to judge its value. By way of explanation, what about the millions and millions of existing alarm systems that alarm contractors are aggressively paying multiples to acquire at the tune of  a 30 to 40 times multiple, and more, of RMR? How about using the Interceptor at a cost of just $120 in order to demonstrate to this class of accounts; that the alarm contractor does not purchase or that they cannot afford to buy; that the alarm contractor, will provide a safety and security enhancement to their existing alarm systems control panel, either for free, or at some other cost to earn this new customers RMR business. You do the math. Once the alarm dealer demonstrates what happens to this customer’s control panel without the Interceptor, and what happens when the Interceptor is installed, on that same control panel, I have found it to be a game changer.

As to your bar none proposition, with regards to protecting the control panels data-bus, yes it is one of the best ways to make an alarm system safer, at just $120. That said, as licensing of the Interceptor technology ramps up, the costs for this technology will be greatly reduced.

The primary focus of using the Interceptor, which is made in the US, is laser driven around making the alarm system safer, and consequently, better protecting families and business owners who rely on their security systems for peace of mind, and to help them minimize serious personal injury, death, and loss of assets. Contemporaneously, it dramatically reduces risk and liability to the alarm dealer, and the equipment manufacturer as well. In other words, recommending and installing the Interceptor is a win, win situation. Comparing the minimal investment of the Interceptor to other component parts of the alarm system is apples and oranges, but if the data bus foreseeably fails, either accidentally or intentionally, none of what you referenced except for security cameras would function as intended; to the extent that the control panel set utilized a wireless radio alarm transmitter for all communications to the central station.

When you posit that the Interceptor should be sold with every system with a vulnerable databus, what do you estimate the "average" system to be made up of in terms of percentage of ingress/egress points monitored, life safety devices installed/monitored (smoke alarms, CO alarms, etc.)? That question varies greatly so it depends; but once the Interceptor technology is licensed, its costs will be dramatically reduced. Additionally, I have authorized dealers who have used the Interceptor, as a way to close the sale; so what is that worth?

This is just the tip of the iceberg,

 If a user had to choose between having an Interceptor installed, and having a monitored smoke alarm installed (e.g.: assuming they have to choose one or the other within their budget) which device would you say has greater practical value for providing safety and security? Brian, with all due respect, the proper terminology of what the alarm industry monitors, is not a UL-217 Smoke Alarm, it is a Smoke Detector. Moving on, just installing one smoke detector in a home would not comply with industry standards, as there is no best location for a single smoke detector in a household.  The proper quantity of smoke detectors has a great value, but if the data-bus fails, as elaborated to previously; the smoke detectors life safety function, will both dangerously and instantly fail.

Think of any product in the industry that makes alarm systems safer, and you will now find the Interceptor. 

Respectfully submitted,

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
(1)
U
Undisclosed #5
Jan 15, 2018

Jeff,

With respect, you've made your point long ago up-thread.  At this point you're doing yourself no favors.

Sincerely,

An IPVM member who chooses to remain undisclosed due to employer policy but doesn't have to justify it to anyone anyway.

(5)
(4)
JZ
Jeff Zwirn
Jan 16, 2018

Point made. However, I have responded to many individually with different points of view, so that is why I have been duplicative 

(2)
(2)
U
Undisclosed #2
Jan 16, 2018
IPVMU Certified

Can IPVM reach out to Honeywell, et al, for comment, if it hasn’t already?

(1)
(1)
UI
Undisclosed Integrator #7
Jan 17, 2018

This thread gives me Rockoff flashbacks due to the sheer arrogance on display.

(5)
(1)
(4)
U
Undisclosed #2
Jan 17, 2018
IPVMU Certified

Actually he makes Rockoff look like Job.

(1)
(1)
JZ
Jeff Zwirn
Jan 17, 2018

To All: 

For your information and in support of what I advised you about in pertinent part: 

https://www.adthomesecuritysettlement.com/

ADT Home Security Settlement

Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services
United States District Court, Northern District of California, Case No. 16-cv-02233-JST

Welcome to the ADT Home Security Settlement Website

IF BETWEEN NOVEMBER 13, 2009 AND AUGUST 15, 2016, YOU ENTERED INTO A CONTRACT WITH ADT OR AN ADT DEALER FOR INSTALLATION OF A RESIDENTIAL SECURITY SYSTEM THAT UTILIZES ONE OR MORE WIRELESS SENSORS, THIS NOTICE CONTAINS IMPORTANT INFORMATION THAT MAY PERTAIN TO YOU. PLEASE READ IT CAREFULLY. YOU COULD GET A PAYMENT FROM A CLASS ACTION SETTLEMENT, BUT YOU NEED TO SUBMIT A FORM TO DO SO.

ADT CORPORATION and ADT LLC (collectively “ADT”) has agreed to pay $16,000,000 in a nationwide settlement of all claims alleged against ADT in Michael Edenborough v. The ADT Corporation and ADT, LLC d/b/a ADT Security Services, Case No. 16-cv-02233-JST (USDC ND California) (“the Edenborough Action”) and several other putative class action cases filed on behalf of ADT customers nationwide (“the Related Actions”). The proposed settlement (“the Settlement”) is a compromise of all claims alleging that ADT failed to disclose an alleged vulnerability of the wireless signals in its residential security systems to evasion or jamming by electronic devices. ADT denies the allegations, denies liability, and asserts numerous defenses. The Settlement avoids the costs and risks from continuing the lawsuit, pays money to certain current and former ADT customers, and releases ADT from further liability (except for claims of personal injury or for loss of or damage to property).

Respectfully submitted, 

Jeffrey Zwirn, President, Zwirn Corporation

(2)
JZ
Jeff Zwirn
Jan 17, 2018

If you read me regularly, you may recall columns and articles regarding a class action lawsuit filed against ADT where plaintiff, a residential subscriber, alleged ADT’s wireless home security equipment that could be hacked by third parties (see www.securityinfowatch.com/12067881).

As a result, the complaint claimed, signals from ADT’s systems (from panel to peripherals and back again) could be intercepted and interfered with by persons who wanted to gain access to premises. This month’s column provides an update – and a resolution from ADT’s perspective.

Since I last wrote about the initial class action lawsuit (Baker vs. ADT – read the full complaint at www.securityinfowatch.com/12022162), additional groups of plaintiffs filed similar class actions against ADT in other state and federal courts. All said, ADT faced consumer protection-type class action lawsuits in state or federal courts in four different states – California, Illinois, Arizona and Florida.

Generally speaking, the various class plaintiffs claimed that third parties – burglars – could disable or suppress ADT’s residential security systems or cause those systems to activate where there actually was no security breach. According to plaintiffs, would-be burglars could do so in order to determine if police were dispatched in response to an alarm and, waiting until police were not dispatched, in order to strike. At least one plaintiff also alleged hackers could use a subscriber’s security cameras to spy on subscribers while in the premises.

The crux of the legal claim was that ADT told its customers the systems were secure when they were not and that ADT knew the systems were not secure.

Following months of expensive discovery, including 17 depositions and ADT’s production of 45,000 pages of documents, extensive settlement negotiations and a two-day mediation conference, ADT recently announced a $16 million settlement of the lawsuits, translating into a nationwide class settlement, the payment of legal fees for class counsel and monetary awards for subscribers ranging from $15 to $45. The amount that goes to subscribers seems quite low given plaintiffs’ allegations, but that is typical of many consumer class actions.

The class consists of all residential subscribers between 2009 and 2016. The settlement excludes a subscriber’s claims for personal injury or property damage (preserving subscriber claims for catastrophic losses).

Respectfully submitted, 

Jeffrey D. Zwirn, President, Zwirn Corporation

(2)
Avatar
Peter Giacalone
Jan 17, 2018

I've been following this online conversation and I'm a bit taken back.  I don't have skin the game regarding the product, but I do care deeply about this industry where I spent the last 38 years.  We are talking security which I would hope is a direct relation to integrity.  Putting aside the how to's and cost and how it should be sold, I would hope, that everyone would agree that this technology must be part of anything critical that rides a keypad bus.  Why the banter and borderline argument.  It really appears to be a no brainer that it is necessary.  The discussion should go to the manufacturers and providers on why it is not standard.  It would be nice to have a manufacturer that is clearly effected by this vulnerability to share some thoughts.

(1)
JZ
Jeff Zwirn
Jan 17, 2018

Dear Brian: 

Here are my responses to your questions.

Why are these "foreseeable"? Do you think a court would accept that databus failures are so common and foreseeable that alarm installers should consider them to be an almost expected point of failure/weakness?  

The recent ADT Settlement which I posted unilaterally demonstrates how significant it was (as to what is disclosed and as to what is not disclosed by an alarm contractor to subscribers) based on ADT failing to disclose to the customer that their wireless technology was not encrypted.  This was an omissions case and in my opinion ADT did not agree to pay a whopping $16,000,000 if they did not feel the liability which they were faced with in deciding to settle this case; versus going to court on it. In other words, ADT agreeing to pay a mind numbing $16,000,000 speaks volumes as to their liability here.

Also, should installers be expected to offer the customer every conceivable form of additional protection? What about using armored cable, heavy gauge cabinets, etc?

The ADT case and others demonstrate the need to offer the customer the full range of equipment and services available, which would include but not be limited to wireless radios and other technologies.

How are these alarm panel manufacturers staying business, and avoiding liabilities, for so many years without addressing this issue themselves? It is not like they could not solve the problem in the panel if they wanted to, but the additional cost is seemingly not justified.

Manufacturers and their insurance companies have been paying out on these claims for decades, you just do not hear about it for obvious reasons. Licensing the Interceptor technology would be inexpensive because it would be integral to the systems mother board, compared to someone purchasing the Interceptor’s patent pending technology add-on device, which is still cost effective based on everything that is foreseeably at risk.

Respectfully submitted,

 

Jeffrey D. Zwirn, President, ZWIRN Corporation

(2)
U
Undisclosed #2
Jan 18, 2018
IPVMU Certified

Manufacturers and their insurance companies have been paying out on these claims for decades, you just do not hear about it for obvious reasons. Licensing the Interceptor technology would be inexpensive...

Paying out on databus claims for decades?

Jeffrey, no disrespect intended to your invention, but surely these companies could easily come up with their own remediation to their own product, had they found it worth their while to do so.

By your own admission, they haven’t, which means either 1)they’re not smart enough to come up with a way of isolating the dual-band from the keypad bus or 2) they like to lose money for years on end.

So which is it?

 

(1)
JZ
Jeff Zwirn
Jan 18, 2018

Thank you very much for your feedback. Good point, but I do not think that anyone could know the answer to that question. That said, in my opinion it was completely missed, or maybe some manufacturers do not care or maybe it was a little bit of both.  Another comparison could be made to the invention of dual technology motion detectors so long ago versus companies who only made single technology motion detectors, and the first generation of CO detectors when they did not have end of life warning and/or before they had separate trouble outputs which could be connected to the control panel set of the alarm system.  

If you recall I only thought of the idea for the Interceptor after I kept witnessing, (after the fact) losses whereby the data-bus wiring of alarm systems were being accidentally attacked by fires and causing the systems to fail, in that the alarm system did not sound (because the data-bus wiring was attacked by fire in the attic and/or in the walls of the premises) and no fire alarm signal was transmitted to the central station. Again, this was identified by me during my forensic investigations of these losses.

The same holds true as to what I witnesssed with regards to intentional keypad and motion detector attacks to shut down the control panel data-bus, in an effort by the criminal element to circumvent the alarm system.

As stated above, this is information which I harvested as part of my forensic investigations that I have performed across the country since 1980. 

The Interceptor is patent pending, so any company wanting to license the technology has the opportunity to do so by contacting me directly. 

 

Respectfully submitted, 

 

Jeffrey D. Zwirn, President, ZWIRN Corporation

 

(2)
LT
Larry Tracy
Jan 25, 2018

Jeffery 

i can assure you that Radionics, C&K Systems or Detection Systems never had a claim against them for a Data bus failure in the 19 years I was in management of these companies. As I stated previously I never heard of one failure due to data bus issues. 

Also in the eleven years I have run my security company I have not had a data bus failure. 

So who as you state have been paying out these claims? 

LT
Larry Tracy
Jan 18, 2018

So Jeffery I asked you a question a few days back about HPM and TED devices defeating security systems. You either missed it or don't want to touch it.

I am still in the mode of how far to we have to go to be reasonable in terms of protection we provide. As I stated, in all my years in this industry I have yet to see a data bus failure that caused a loss, I have seen two HPM attacks that destroyed all the electronics( dead hardware does not transmit alarms) on the sites. What in your mind should we do about this? You will not come up with a add on board to solve this problem, yet these attacks are real and happen quite frequently. So are we all liable because we do not protect our clients against this type of failure? 

Why did you not design the Interceptor to withstand this type of failure mode?  

BTW a HPM attack does not erase video on a optical hard drive, but it sure does on a magnetic one. 

At Radionics we modified a control panel to withstand such an attack, and it took two people to mount it on the wall it had so much metal in it. It added more than $2000 in manufacturing cost to the alarm panel and keypad. Maybe we need to go back to direct wire alarm signaling to be sure if all else fails a signal is sent.

Do we simply warn people? I like the old Ademco warning "the limitations of your alarm system" I think its just not possible to cover every potential failure scenario which is why the Kirschbaum contract has detailed warnings and weasel clauses in it.

I agree it would be good if someone from ADT or Honeywell made their position known re these matters.

I look forward to your insight.

(1)
JZ
Jeff Zwirn
Jan 18, 2018

Sorry Larry I missed your message on same. I will certainly respond. 

I also asked you about what would your marketing of the Interceptor look like and I did not get a response either. In any event, I would enjoy your feedback. 

 

(2)
UI
Undisclosed Integrator #8
Jan 24, 2018

Larry,

I’ve sat as the manufacturers representative in depositions on a product loss and liability case.  Very large manufacturer in this industry, whose corporate attorney told me “don’t lose this, we are self insured”

The word “reasonable” keeps coming to mind.

Not speaking politically, Good Walls make Good Neighbors and in business Good Contracts make Good Customers!

As a alarm dealer, I’ve also been contacted by an insurance representative attempting to recover about $40,000.00 they paid on a customer claim and stating our service failed to meet their needs.  

Feeling generous I faxed him our agreement and asked where he wanted the $250.00 liability limit check sent since we didn’t want to dispute the claim.  He faxed back with an address.

Even a direct wire - ring back system had outages and weaknesses.  It’s just what type and where.

 

(2)
(1)
JZ
Jeff Zwirn
Jan 25, 2018

Alarm contracts cannot be relied upon to protect an alarm company no matter what they do or do not do. See Class Action case against ADT whereby ADT paid out $16,000,000. That said, the subscriber did in fact execute an ADT Contract.

The ultimate goal is to make your contracts as advanced as you say your alarm systems are, and to utilize the proper methodologies in order to help minimize loss. 

Proper training and supervision of your employees is also mission critical.

(2)
UI
Undisclosed Integrator #8
Jan 25, 2018

Installing your device would have prevented that loss?

(1)
JZ
Jeff Zwirn
Jan 25, 2018

Yes. In other words, the Interceptor detects the accidental or intentional short on the data-bus wiring, and allows the control panel set, the dual diversity radio receiving unit and the wireless radio alarm transmitter to still function reliably. Obviously, no alarm system or alarm device can prevent a loss, but it can certainly eliminate or minimize the damages sustained by keeping the control panel set functional, audibly alerting the occupants of the danger and being able to maintain a functionally reliable wireless radio alarm transmitter for central station communications, despite an impaired data-bus wiring path.

Notwithstanding the foregoing, each loss has its own unique fact pattern and each alarm system is not exactly the same for every home and business that is electronically protected. However, and despite the myriad of differences as elaborated to above, without the Interceptor being installed on the alarm system, an accidental short from fire or through an intentional attack by an intruder on the data-bus wiring, will 100% percent of the time impair all parallel connected devices that are required to be connected to the systems data-bus. 

Conversely, every other part of a professionally manufactured control panel set is electronically supervised. Finally, by simply licensing the Interceptor technology the costs to incorporate it into the design and manufacturing of the control panels which are sold today would be minimal. Therefore, there are two options for the Interceptor, it can be sold for control panels that do not have this patent pending technology as an add on device and it can be implemented into the design and manufacturing of new control panels. 

At the end of the day, and in my opinion, any product that makes alarm systems safer is a win-win situation for each of the companies who make control panels; for the alarm companies who install the products; and for      all subscribers who rely on their alarm systems for protection of their assets    and to help minimize serious personal injury and death. Of course, for businesses the same concepts generally apply.

Respectfully submitted 

Jeffrey D. Zwirn, President, ZWIRN Corporation

www.interceptorprotected.com

 

 

 

 

(2)
UI
Undisclosed Integrator #8
Jan 25, 2018

$16,000,000.00 ADT Payout

Is this claim what you reference? To be clear ADT has been sued many times so I’m just checking.

If so, how would your device prevent hacking of a non encrypted wireless system?

 

(1)
(1)
JZ
Jeff Zwirn
Jan 26, 2018

This was post to address the issue of all who reject the contention that these types of Plaintiffs claims are not alive and well. It has nothing to do with the Interceptor.

(2)
JZ
Jeff Zwirn
Jan 26, 2018

This post was provided to address the issue of all who reject the contention that these types of Plaintiffs claims are not alive and well. It has nothing to do with the Interceptor.

(2)
LT
Larry Tracy
Jan 25, 2018

I am with you (reasonable)is the operative term. Plus when the regulatory agencies that set standards for our industry don't require it and you have good contracts its pretty safe in my view. As I have said, I haven't seen or heard of a data bus failure yet. But I have seen two total system failures that were taken out on purpose by HPM type devices. Nobody wants to touch this one because there is no solution.

How far do we have to go? Nobody has mentioned jamming GSM radios which is very easy to do. So ADT pays 16 million for short range premises radios issues, is the GSM lawsuit just around the corner. Sure direct wire has its issues but if all fails you get a signal, my comment was tongue in cheek but its an example of a better solution to a potential failure mode.

I just can' go out legally and add an interceptor to a fire alarm panel in this state anyway. Its not CFM approved.

I would think if our industry is going to protect against this the regulatory bodies will require it on all new panels being submitted for approval. I bet its not expensive to add it during the initial design.

(1)
UI
Undisclosed Integrator #8
Jan 25, 2018

The industry has gone around and back on line security and what happens if you completely take a panel off line.  We are actually back in a good place except for a few million dialer only accounts.

Larry, I agree with your response. 

Jeff, How would this module solve the problem ADT paid out for?  I just feel the 16 Million dollar story is a great eye catch, but it turned into $45.00 payments per subscriber...maybe a little tabloid headlining?

 

(1)
JZ
Jeff Zwirn
Jan 26, 2018

Paying out $16,000,000 is significant. Indeed, it is much more than an eye catch in my opinion and it is certainly not designed just for Tabloid use.

As you know and generally limitation of liability provisions usually max out at $1000 so for all persons who think that an alarm contract is the be all end all, it depends on the fact pattern of the case.

The Interceptor is designed to protect the vulnerable and completely unprotected data-bus.  The salient issue here is for all of the persons who challenged my comments and opinions on what alarm companies, including the worlds largest, are getting successfully sued for.

Once again, this is not a new concept and just because many of the readers do not know what is happening in Plaintiffs cases across the country, does not eliminate by any stretch of the imagination the high risk and exposure that all alarm companies and equipment manufacturers face. Its just the nature of the security and life safety business.

(1)
LT
Larry Tracy
Jan 18, 2018

I would let someone else promote and sell it so I didn't have the appearance of the conflict of interest

(1)
(1)
(2)
JZ
Jeff Zwirn
Jan 26, 2018

Thank you very much Larry.

(1)
JZ
Jeff Zwirn
Jan 18, 2018

I do not see a difference but thank you very much! 

I will be circling back to you soon on your questions and my feedback to same.

 

(2)
Avatar
Ari Erenthal
Jan 18, 2018
Chesapeake & Midlantic

From my Facebook feed today...

 

(2)
JZ
Jeff Zwirn
Jan 18, 2018

Ari: 

Thank you very much for your post.

The hardwired addressable smoke detector loop for this Honeywell Control Panel is not interconnected to systems data-bus, so what occurred is exactly what I would expect to happen. Therefore, this loop, is isolated from the data-bus wiring of the system.

The issue that I have forensically witnessed and why I invented the Interceptor is when the systems data-bus wiring is accidentally attacked by fire, and when the fire is not first detected by any smoke detector or rate of rise heat detector on the alarm system. If you test Honeywell Vista Control Panel's, as ZWIRN Corporation did, you will see that any short on the data-bus wiring, will instantly render any of the parallel connected dual diversity radio receivers and wireless radio alarm transmitters, which are also on the data-bus, non-functional. It will also render any other equipment on the data-bus such as zone expanders and power supplies non-functional as well.  As elaborated to previously, this is the same result which happens from an intentional short, or from an attack on the data-bus from high voltage in-rush current. The Interceptor protects against these foreseeable events, so as a result, it makes the alarm system safer.

Respectfully submitted, 

Jeffrey D. Zwirn, President, ZWIRN CORPORATION

 

 

(2)
JZ
Jeff Zwirn
Jan 19, 2018

 

From: "Mr. Gary  Couch" <GCGarysPersonal@GMail.com>
Date: January 10, 2018 at 12:44:06 AM EST
To: <jeffzwirn@alarmexpert.com>
Subject: Interceptor Protected Mr. Gary  Couch

Name: Mr. Gary Couch
Email: GCGarysPersonal@GMail.com
Subject: A sincere "Thank You"
Textarea: I simply felt compelled to write you a quick note to tell you I experienced Panel lockups some 25+ years ago as "The Alarm Doctor" here in Phoenix, Arizona My cities Alarm Enforcement Department will call us on troubled systems that alarm Companies could not or would not make right for the Subscriber and before arrest war rents are issued.
We found in a full 40% of these situations, Data Loop shorts and shorts to intermittent grounds all caused by the inefficient Policing of not only the Companies them selves but moreover the Installation/Service Personnel. After years of arm wresting and finger pointing I am proud to say that every person involved in the Installation or Service of ANY Alarm system MUST carry there "Alarm Agent" license this includes all support people as well as all ownerships of all Alarm Companies in the State.
In closing, I just wanted to thank you for putting your cross sampling of grounds and bonds separate . Our number 2 issue for controller lockup is ineffective "good Earth Bonds"
I would be honored to help you champion this cause out here in the Desert Southwest. Anything you need from me I am at your service. Gary Couch 42 Years of service recent Retired just going to serve in a different capacity.

If you would send me a Whitesheet I would be happy to include it on a new Site in construction now " NowYourSecure.com"

(2)
JZ
Jeff Zwirn
Jan 19, 2018

Jeffrey Zwirn <jeffzwirn@gmail.com>

Jan 17 (2 days ago) to GCGarysPersonal, bcc: me

Gary:

Thank you for your feedback. Would you mind if I shared this information to readers on IPVM.com?

Best

-Jeffrey-

Jeffrey D. Zwirn, President

Gary Couch

9:38 PM (6 hours ago)

 

Hi Jeffrey,

Thank you for replying to my initial message to you. I felt compelled to offer information that I would be in hopes will be shared with your readership for the betterment of this Industry. Any solid information we as Senior members will offer is meant to be assimilated and practiced daily. My hope is that the next Generation of Physical Security Professionals will look at their chosen Positions as a calling and move forward with a sincere Heart in the service of others..

G Alan Couch CISSP, State of Arizona Alarm Agent # 57347, Presidents Interagency Council on Homelessness

(2)
JZ
Jeff Zwirn
Jan 19, 2018

Larry: 

Thank you for your feedback. The equipment itself, which is made in the USA, serves an important purpose. It is not designed to be a control panel.

Liability does not reside in the Interceptor, since it, like many other products is designed to perform a critical function and task; and it reliably does just that

In other words, there is no part of the Interceptor which acts like the data-bus does, when it is accidentally shorted or intentionally attacked. 

One step at a time on other ways to make alarm systems safer. 

 

(2)
U
Undisclosed #2
Jan 24, 2018
IPVMU Certified

Any chance you plan to offer a license-only Interceptor for a few less dollars?

No hardware, but just a signed statement from you saying “I, Jeffrey D. Zwirn promise not to sue the licensee...”

(2)
(3)
U
Undisclosed #5
Jan 24, 2018

I don't think it's patentable anyway.  There's plenty of prior art - the Risco bus expander/monitor for one, and I know of at least one fire alarm system that monitors its bus.  TI makes a RS485 chip that monitors the bus.  It's not new ground.

(1)
(1)
U
Undisclosed #2
Jan 25, 2018
IPVMU Certified

So let’s say I retrofit my alarm system with the Interceptor because I am worried about this keypad short attack.

Now if the keypad gets shorted, the panel will know.

But once the keypad is shorted, will the databus-connected motion detectors still be able to alert the panel?

And if not, wouldn’t the keypad short be normally only treated as trouble alert, not an intrusion alert?

 

(1)
(1)
JZ
Jeff Zwirn
Jan 26, 2018

The Interceptor Makes the Alarm System Safer by detecting an accidental short from fire or otherwise on the data-bus wiring. Concurrently, the Interceptor also detects an intentional short and in-rush current on the data-bus. That said, The Interceptor will electronically protect the control panel set from not just from an accidental of intentional short but from in-rush high voltage current as well. 

Once any of the aforementioned happens, the Interceptor protects the control panel in that it technically allows all other parallel connected equipment on the data-bus to remain isolated from the accidental or intentional short or high-voltage in-rush attack events on same, and the systems external wireless dual diversity radio receiving unit and its wireless radio alarm transmitter remain fully functional and the central station is able to receive alarm signals.

In addition, the Interceptor has three (3) outputs which are designed to be connected to separate zones on the alarm systems control panel set.  One is for a power attack, one is for a loss of data and the third output is for the Interceptors watchdog circuit. 

Now if the keypad gets shorted, the panel will know. NO..

But once the keypad is shorted, will the databus-connected motion detectors still be able to alert the panel? It depends if the hardwired motion detector was connected a data-bus connected zone expansion module because if this was the case the answer would be no since the data-bus wiring is shorted. Alternatively, if the motion detector loses power and it is hardwired to an on-board zone of the control panel set, the intrusion detection devices normally closed circuit, would open to an alarm system,

In any event, how would the parallel connected and required data bus wireless radio alarm transmitter such as the unit that AlarmNet manufacturers and Alarm.Com's units still function? The answer is crystal clear, both of these radios on the respective control panels data-bus will instantly fail under the foreseeable fact pattern presented. 

And if not, wouldn’t the keypad short be normally only treated as trouble alert, not an intrusion alert? Without the Interceptor, yes it would. However, the a keypad short shuts down the wireless receiver and the systems wireless radio alarm transmitter. 

In other words, any short on the data-bus wiring, no matter what causes it, instantly shuts down all other parallel connected data-bus wiring devices as elaborated to above. 

Furthermore, most people do not know that in 2015 there were only 393 deaths from CO, and while one death is too many, it is still mission critical to do everything you can to help minimize serious personal injury and death. The Interceptor is yet another tool in the security professionals arsenal, which until now was not available.

During 2010–2015, a total of 2,244 deaths resulted from unintentional carbon monoxide poisoning, with the highest numbers of deaths each year occurring in winter months. In 2015, a total of 393 deaths resulting from unintentional carbon monoxide poisoning occurred, with 36% of the deaths occurring in December, January, or February.

(2)
JZ
Jeff Zwirn
Jan 26, 2018

Please pardon typos and grammer errors. 

(2)
JZ
Jeff Zwirn
Jan 26, 2018

It depends if the hardwired motion detector was connected a data-bus connected zone expansion module because if this was the case the answer would be no since the data-bus wiring is shorted. Alternatively, if the motion detector loses power and it is hardwired to an on-board zone of the control panel set, the intrusion detection devices normally closed circuit, would open to an alarm condition.

In any event, how would the parallel connected and required data bus wireless radio alarm transmitters such as the unit that AlarmNet sells and Alarm.Com's units still function? The answer is crystal clear, both of these radios on the respective control panels data-bus will instantly fail under the foreseeable fact pattern presented.

(2)
U
Undisclosed #2
Jan 26, 2018
IPVMU Certified

It depends if the hardwired motion detector was connected a data-bus connected zone expansion module because if this was the case the answer would be no since the data-bus wiring is shorted.

So to be clear, the Interceptor does not protect all databus devices from being unable to communicate in case of a short, only the (critical) in-panel wireless devices, true? 

JZ
Jeff Zwirn
Jan 26, 2018

The Interceptor schematic for its connection to field devices and for its connection to mission critical devices is on this email thread or you can find it at www.interceptorprotected.com.

The devices in the field connect to one side of the Interceptor and the mission critical devices which are run on a separate 4 conductor(s) and are much closer to the control panel set more often than not such as to the wireless receiver (unless it is built into the control panel) and a wireless radio alarm transmitter. Therefore, following standard installation practices which have been used in our industry, these devices are not on the same 4 conductor data bus wiring cable that is run out to the field devices such as remote system keypads.

All hardwired motions, audio glass break detectors and other loop powered devices that come back to the control panel set for power or to a zone expansion module, will also shut down the data-bus in the event of a short from the power side of their interconnection to the control panel's data bus loop, which on the Honeywell Vista Line of Products and on the Concord Panels, it where the power output of the system is required to be connected to. At the same time, many aux power supplies are also required to be connected to the data-bus of the control panel, so we consider these detection devices as field devices as well and yes they are generally run on a separate 4 conductor cable.

I am also keenly aware of the potential that system keypads in the field may have built in wireless receivers.

If that is the systems configuration, then obviously the Interceptor cannot keep those wireless receivers in the field (which are built into the system keypads) functional if an accidental or intentional short occurs in the data-bus.

However, without the Interceptor the entire data-bus shuts down and any wireless radio which is required to be connected to the data-bus will shut down as well.

Conversely, with the Interceptor, and in that configuration, the radio transmitter would still remain fully functional, the control panel is activated by the respective outputs on the Interceptor and once again, signals are being successfully transmitted through to the remote or central station. 

 

 

(2)
U
Undisclosed #2
Jan 26, 2018
IPVMU Certified

If that is the systems configuration, then obviously the Interceptor cannot keep those wireless receivers in the field (which are built into the system keypads) functional if an accidental or intentional short occurs in the data-bus.

Yet it might not be so “obvious” to someone who purchased the Interceptor after reading:

Once The InterceptorTM detects an accidental short on the data-bus wiring or on the auxiliary power output wiring of the system or from an intentional attack on the data-bus wiring, it instantly isolates all mission critical devices from the control panels remote data-bus wiring, auxiliary power output wir- ing, and all interconnected equipment that is connected to the data-bus and/ or the auxillary power output of the control panel set.

(1)
JZ
Jeff Zwirn
Jan 26, 2018

The installation instructions which come with the Interceptor are crystal clear and a trained alarm technician would be aware of this as well,

(2)
JZ
Jeff Zwirn
Jan 26, 2018

Another point on the Listing of the control panel. Neither AlarmNet radios or alarm.com radios are part of the original control panel listing to your point which is not correct.

(2)
U
Undisclosed #9
Feb 19, 2018

I am so glad my 3 zone alarm panel now has data bus high availability failover redundancy cited in all security chapters of the galactic universal code of complex burglar alarm design situational differential paradigm equations forensically deterring all variables of intrusion criminals, penetration testers and non compliant entities, corporations and universities that fail to imply complex methodologies, eccentric constraints and dubious anomalies of elite specifications of any and all even hypothetically data bus deployments in the milky way theorem post big bang of course. 

 

(1)
(1)
(4)
U
Undisclosed #5
Apr 12, 2018

NFPA 72 2016 Chapter 23.6.1:  "A single fault on a pathway connected to the addressable devices shall not cause the loss of the devices in more than one zone."

(2)
(1)
JZ
Jeff Zwirn
Apr 12, 2018

Unfortunately, once the data-bus is shorted on the Honeywell or UTC and many other control panels, any addressable devices on the data-bus pathway will instantly be rendered non-functional. Consequently, this reference to NFPA 72 amplifies the criticality of the Interceptor Technology. The Interceptor is patented, it is made in America and it is ETL listed to UL 1023, UL 985 and UL 365. A portion of all proceeds of the sale of the Interceptor goes to charity.

LT
Larry Tracy
Apr 12, 2018

Jeff so are you saying that the approval agencies that are testing and listing fire panels are failing to verify they comply with the 2016 NFPA standard as listed by U 5?

JZ
Jeff Zwirn
Apr 12, 2018

Hi Larry:

Sure and as you know, this is not something that is an anomaly with many control panels and other alarm system equipment. In any event, testing of any Vista Control Panel by way of example will demonstrate the aforementioned. 

 

UI
Undisclosed Integrator #8
Apr 14, 2018

Larry, are you still pointing out flaws with this guy?  You are smarter than that!

U
Undisclosed #10
Apr 14, 2018

I am coming to this discussion quite fashionably late, but here is what I have learned from this thread:

 

* Data bus protection is a thing, and Mr. Zwirn is the genius that has enabled it for all of us -- except for that other company that sort of does the same thing.

* Mr. Zwirn is a bit of a savant when it comes to alarm technology, but like many savants, has absolutely no interpersonal skills or awareness of such.

* Mr. Zwirn, while making fantastical claims about the legal liabilities of integrators who don't install his product, obviously has no concept of the actual contracts that integrators use, most of which will mostly if not entirely limit the liability of the integrator for the failure of the equipment manufacturer. An integrator's liability, in a typical, well-written contract, ends with the system being installed to local codes and within the requirements of the manufacturers. But, that doesn't make nearly as exciting of a sales pitch than "Use my product or you will get sued!"

Great thread! 11/10 would read again when I'm stuck on an airplane with no wifi and this page had loaded previously.

(1)
(4)
U
Undisclosed #11
Apr 14, 2018

More erroneous comments from persons who hide behind their "undisclosed" moniker. 

 

Avatar
Brian Rhodes
Oct 08, 2019
IPVMU Certified

[October 2019 Update]

Jeff Zwirn and ex-Honeywell/Videofied executive Keith Jentoff have filed a complaint with the US Consumer Product Safety Commission that is petitioning that all manufacturers of alarm panels vulnerable to comm-bus shorting (the issue The Interceptor addresses) fix/ recall hardware, stating:

'in the interest of public safety, health and welfare, these serious dangers must be addressed and remediated immediately'

because of

'Dangerous and foreseeable vulnerabilities of non-conforming control units within the single data-bus circuit present a clear and present danger to the hundreds of millions of homes, families and businesses where all of these non-conforming control units are installed.'

Essentially the complaint addresses estimated 'hundreds of millions' of alarm panels sold over the last 25+ years, due to non-compliance or breach with NFPA 72 (among others):

'Against the foregoing backdrop, our expert and forensic analysis in this matter has identified that under certain conditions of commonality, Household Burglar and Fire Alarm Control Units and Commercial Burglar and Fire Alarm Control Units both historically and those that are currently being manufactured and old cannot and do not comply with its represented UL Standards, and NFPA 72 Standards.'

Download summary of formal complaint 'Request for Investigation of Claims of (Alarms) Non-Conformity'

We will continue to follow the response of the CSPC (expected later this year) and update here.

U
Undisclosed #2
Oct 08, 2019
IPVMU Certified

this lawsuit reminds me of the SawStop table saw litigation.

(1)
SD
Shannon Davis
Oct 18, 2019
IPVMU Certified

You know an asteroid could hit our planet at well!