4140 Ways Your Alarm System Can Fail
Alarm systems and panels were designed before the prevalence of wireless technology and communicate with a proprietary protocol over a two-wire data bus. This bus was designed for use between alarm panels, keypads and zone expanders. However this has now been extended to allow the system to communicate with wireless sensors. Unfortunately, little research has been performed regarding these systems, and operational information about them is scarce and often incorrect. This presentation will demonstrate several classic vulnerabilities of alarm installations and then present several new techniques for reducing the effectiveness of the alarm system. 4140 Ways Your Alarm System Can Fail Overview: System Overview - Client Alarm Hardware Overview - Central Office Hardware Overview System Details - Expanded Console Protocol Bus Overview - ECP Bus Accessories and Hardware - Hardwired Alarm Zone Overview - Hardwired Alarm Loop Detail - Wireless Zone Overview - Wireless Device State Identification - RF Transmission Data Structure - RF Packet Capture and Analysis - Central Office Communications System Weaknesses - Errors in Initial Programming or Installation - Architectural Weaknesses in Alarm Systems - Shortcomings of the ECP Bus - Attacking ECP Bus via Brute Force - Demonstration of Brute Force Tool - Weakensses in Hardwired Zones - Weaknesses in One-Way RF Zone Transmitters - Weaknesses in Two-Way RF Zone Devices - Weaknesses in Panel-Central Office Communications Mitigations - Proper Installation Guidelines - Removal of RF Zones - Understanding System Weaknesses - Preventing Physical Access to Critical Infrastructure.
Keith Howell: Trained as an Electronics Engineer by the British Army, Keith became interested in computers and began his learning path with a TRS-80 and has owned most Intel based processors since then. After joining UUNET Technologies in 1995, he started to get interested in the security of networks and computers and in 1998 joined the UUNET InfoSec team. Following the 'dot-bomb' period in 2001, Keith returned to his electronics background and began doing physical security including Access Control, Alarm Systems and Locksmithing. Keith is a CISSP as well as an ALOA CRL (Certified Registered Locksmith). Currently, Keith is a Security Consultant in the Washington, DC area where he is contracted to Assurance Data Inc in Alexandria, VA.