Wireless security questions

pbeaulieu

Active Member
I would like to know if the communication between wireless security devices is protected by encryption or passwords? I am interested in either HAI or GE wireless security devices.

Also, is there a list of recommended/compatible security devices?
 
The GE RF protocol is not a public document. To my knowledge is only available with an NDA agreement with GE.
 
I would like to know if the communication between wireless security devices is protected by encryption or passwords? I am interested in either HAI or GE wireless security devices.

Also, is there a list of recommended/compatible security devices?

Paul,

I can't go into details, but the HAI wireless product line does have protection in it. I'm confident the GE line does also, though I don't know for certain.
 
I would like to know if the communication between wireless security devices is protected by encryption or passwords? I am interested in either HAI or GE wireless security devices.

Also, is there a list of recommended/compatible security devices?

Paul,

I can't go into details, but the HAI wireless product line does have protection in it. I'm confident the GE line does also, though I don't know for certain.

What I am trying to determine is how secure are the wireless devices? I am not considering using Z-wave devices for security because it is to easy to intercept/replicaate their transmissions and defeat the whole purpose of the security device. I prefer using hardwired security devices but that is not always practical.

Are you able to comment on the security of wireless devices that HAI supports which does include HAI and GE wireless units? or is does anyone know of a review article covering this type of topic?

Thanks for any info you can provide.
Paul
 
Paul, allow me to make a comment. I completely agree I would probably not use Zwave for security, but GE (and I imagine HAI) devices were built strictly for security and I'm sure have 'stuff' built in to make them secure. I don't think you are going to be successful finding out exactly how they work - if it were public knowledge then it would not be too secure, would it? IMHO if you have a thief savvy enough to intercept and defeat wireless signals from these security devices, then your home doesn't stand a chance anyway unless you have a very large animal that lives freely inside. Remember, most security systems are there to discourage all thieves and beat the amateurs, but if there is a pro that wants in, they are going to get in regardless of what you have. So I would not rack my brain too much on this and just trust that these devices will do their job in the locations that you need them. I am not trying to be dismissive of your concern, just realistic.
 
Paul, allow me to make a comment. I completely agree I would probably not use Zwave for security, but GE (and I imagine HAI) devices were built strictly for security and I'm sure have 'stuff' built in to make them secure. I don't think you are going to be successful finding out exactly how they work - if it were public knowledge then it would not be too secure, would it? IMHO if you have a thief savvy enough to intercept and defeat wireless signals from these security devices, then your home doesn't stand a chance anyway unless you have a very large animal that lives freely inside. Remember, most security systems are there to discourage all thieves and beat the amateurs, but if there is a pro that wants in, they are going to get in regardless of what you have. So I would not rack my brain too much on this and just trust that these devices will do their job in the locations that you need them. I am not trying to be dismissive of your concern, just realistic.

Steve, I agree completely with your comments. However, I do think the issue needs to be raised periodically with vendors to make sure they stay on top of the issues. Just like the younger generation is more aware, knowledgeable of computers and the internet, I would assume that over time the amateurs will move up in ability.

But you are right I'm not going to worry about it. I'll use hardwired were possible and stick to name brand wireless security devices from GE or HAI or ??.

Thanks for your comments.
 
Knowing the GE Protocol intimately, (yes it has taken advantage of me several times) if you should intercept a door open transmission and then the interceptor sends a door closed transmission, it is too late. The alarm has been activated. Any time a door changes state, the transmitter sends a new set of packet data.

Trying to jam receivers will result in a missing transmitter or RF jam trouble signal.
 
However, I do think the issue needs to be raised periodically with vendors to make sure they stay on top of the issues.

Paul,

I completely agree that some general kind of information should be fully disclosed by the wireless security device vendors, e.g. encryption or lack thereof, and I find it mystifying that folks try to explain away lack of such information. I do not see anything proprietary or damaging to any trade secrets by just saying "yes/no, we do/not encrypt". However, the most likely conclusion is that the feature is missing if they do not mention it.

Despite my frustration, I am using NetworX/GE compatible sensors as there is simply no other alternative !
 
I don't think you are going to be successful finding out exactly how they work - if it were public knowledge then it would not be too secure, would it?

Steve,

Respectfully, I disagree with that line of reasoning. What you've described is called "security through obscurity", a thoroughly discredited approach that makes the security device user quite vulnerable due to his/her false sense of well security.
 
I don't think you are going to be successful finding out exactly how they work - if it were public knowledge then it would not be too secure, would it?

Steve,

Respectfully, I disagree with that line of reasoning. What you've described is called "security through obscurity", a thoroughly discredited approach that makes the security device user quite vulnerable due to his/her false sense of well security.

I'll jump in here as well. My area of expertise is information security. I specialize in incident response and post-response forensics, but have significant cryptographic experience as well. In the crypto world, "secret" algorithms are treated with about as much credibility as a replacement cipher ( A=1, B=2,C=3, ... ). "Security through obscurity" has no place in any realm of security whether it be physical or logical. If the entirety of your system's (program, computer, house security panel, xyz widget) security is dependent on keeping its inner workings secret, then you have lost before you began.

The perfect example of why hiding *design* details (as opposed to implementation) will eventually lead to a "crack" is the Digital Enhanced Cordless Telecommunications (DECT) standard. This is essentially the "spread spectrum", pseudo-encrypted stuff that just about every cordless telephone in every house in America uses. Many details of the standard are public knowledge, EXCEPT the cryptographic algorithms. It was thought by the industry as a whole that intercepting these communications was beyond the ability of the common hacker (tinkerer) or cracker (tinkerer with criminal intent). This assumption was proven wrong as the hackers found fairly cheap, commodity components to attach to a PC.
Reference Link: <A HREF=http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html>DECT hack</A>

BTW, that DECT standard is also used for many wireless point of sale systems. Keep that in mind the next time you swipe a credit card at a temporary cash register in department store! It could be purely IP-based wireless using something like WPA2, or if it is older, still using DECT.

Computer and electronic technology is evolving too fast to allow designers the luxury to assume that a capability will remain out of reach of adversaries for the effective lifetime of the product they are designing -- that is the bar you should strive for: Design a system to resist attack for the entirety of its anticipated effective lifetime regardless of current perceived capabilities of would-be adversaries, that is also consistent with with the degree of protection sought and for the value of what is being protected. That very last part is important. It's often OK to say that the protection provided is "good enough," but darn it, *I* want to be able to decide for myself if it is good enough for my needs.

I can't make that informed decision if the basic design is hidden from me.

-Chris
 
While I don't disagree with your points I think you are getting just way too deep. My point was simply if you publish all of the inner workings of the device and its protocol freely then you are opening the door to another huge set of potential hackers. As I stated and stand by, if a pro, or somebody with enough knowledge wants to get in, they will, period. This is basic home security guys, we are not guarding military or top secret stuff. In that regard, devices like the ITI/Caddx stuff works just fine and people SHOULD have enough peace of mind in it for their basic security. I'm sure the protocol is not top secret, its just on a need to know basis, and the average Joe on the street does not need to know it. If you ARE trying to protect very sensitive stuff, then I would imagine you would want more than a residential grade $30 sensor protecting you.
 
Back
Top