4140 Ways Your Alarm System Can Fail

Alarm systems and panels were designed before the prevalence of wireless technology and communicate with a proprietary protocol over a two-wire data bus. This bus was designed for use between alarm panels, keypads and zone expanders. However this has now been extended to allow the system to communicate with wireless sensors. Unfortunately, little research has been performed regarding these systems, and operational information about them is scarce and often incorrect. This presentation will demonstrate several classic vulnerabilities of alarm installations and then present several new techniques for reducing the effectiveness of the alarm system. 4140 Ways Your Alarm System Can Fail Overview: System Overview - Client Alarm Hardware Overview - Central Office Hardware Overview System Details - Expanded Console Protocol Bus Overview - ECP Bus Accessories and Hardware - Hardwired Alarm Zone Overview - Hardwired Alarm Loop Detail - Wireless Zone Overview - Wireless Device State Identification - RF Transmission Data Structure - RF Packet Capture and Analysis - Central Office Communications System Weaknesses - Errors in Initial Programming or Installation - Architectural Weaknesses in Alarm Systems - Shortcomings of the ECP Bus - Attacking ECP Bus via Brute Force - Demonstration of Brute Force Tool - Weakensses in Hardwired Zones - Weaknesses in One-Way RF Zone Transmitters - Weaknesses in Two-Way RF Zone Devices - Weaknesses in Panel-Central Office Communications Mitigations - Proper Installation Guidelines - Removal of RF Zones - Understanding System Weaknesses - Preventing Physical Access to Critical Infrastructure.