Home alarm system lacks proper encryption

Jan 4, 2016 11:36 GMT  ·  By

Some alarm systems sold by Texecom allow attackers to intercept and read communications between the alarm's control panel and the home owner's mobile app, and between the alarm's control panel and Texecom's servers.

Needing an alarm system for his own home, security researcher Luca Lo Castro bought one of Texecom's alarm systems, one that came equipped with a control panel from the company's Premier Elite series.

The model he chose came with a special module called ComIP, which permits the alarm system to receive an IP address and allows the user to control some alarm features via a special mobile application.

Attackers can intercept communications and spoof commands

To prevent abuse, the only way to use this module is to configure the home's router to open a special port (6789) and allow port forwarding towards the Internet. This port is later used to allow bidirectional communication between the alarm's control panel and the Texecom mobile application.

According to Mr. Lo Castro, all data sent via this communications channel is unencrypted, allowing skilled attackers to intercept the exchanged information. Since this channel is also used to authenticate mobile app users, attackers can easily get hold of control panel administration credentials, which they can later use to disable the alarm if needed.

Other data exchanged via this communications channel would also allow attackers to get the alarm's name (ID), IP address, and its geographical location.

Additionally, the home alarm system used a second communications channel, between the alarm's control panel and the Texecom servers, where various events and notifications were logged. Data sent via this channel was encoded in Base64, which is an encoding rather than encryption and is trivial to reverse. Intercepting notifications from this channel would have allowed attackers to know the alarm's status and whether their intrusion was detected.
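The Base64 point above, as an added example (not from the original article, the researcher, or Texecom): a small Python audit helper that a device owner could run over payloads captured from their own equipment, to tell Base64-wrapped readable text apart from data that is actually opaque. The sample event string and all function names are constructed for illustration and do not reflect Texecom's real message format.

```python
import base64
import binascii

# Constructed sample data; NOT the real Texecom message format.
SAMPLE_EVENT = b"EVENT=ALARM;ZONE=3;PANEL=DEMO-PANEL"
WRAPPED_EVENT = base64.b64encode(SAMPLE_EVENT)   # readable text, merely encoded
OPAQUE = bytes(range(128, 192))                  # stand-in for real ciphertext
WRAPPED_OPAQUE = base64.b64encode(OPAQUE)        # ciphertext in a text-safe wrapper


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def try_base64(data: bytes):
    """Return the decoded bytes if data is strictly valid Base64, else None."""
    stripped = data.strip()
    if len(stripped) < 8 or len(stripped) % 4:
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify_payload(data: bytes, threshold: float = 0.9) -> str:
    """Heuristic verdict on whether a captured payload is confidential.

    Short readable strings that happen to be valid Base64 can be misjudged,
    so treat the result as a prompt for manual review, not proof.
    """
    decoded = try_base64(data)
    if decoded is not None:
        # Decoding needs no key, so readable output means no confidentiality.
        if printable_ratio(decoded) >= threshold:
            return "base64-cleartext"
        return "base64-opaque"
    return "cleartext" if printable_ratio(data) >= threshold else "opaque"


if __name__ == "__main__":
    for name, payload in [("event", SAMPLE_EVENT), ("wrapped event", WRAPPED_EVENT),
                          ("opaque", OPAQUE), ("wrapped opaque", WRAPPED_OPAQUE)]:
        print(f"{name:15} -> {classify_payload(payload)}")
```

A verdict of `base64-cleartext` or `cleartext` on traffic leaving the LAN is the signal to keep that channel inside a VPN or off the Internet entirely.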

Researcher: Configure the alarm system to work via a VPN

"If it happens you have a Texecom Premier Elite Control Panel with a Premier Elite ComWiFi or Premier Elite ComIP module, my advice would be not to open any firewall port to the control panel," recommends Mr. Lo Castro.

Instead, the security researcher recommends that users configure a VPN connection from their mobile device to the alarm system's LAN, through which the Texecom mobile app should run.

Contacted by the researcher, Texecom admitted to the lack of encryption, saying, "Our self-monitoring signaling products are reliant on the local IT network being secure, and we accept that unsecure local IT networks can compromise the security of any information communicated within the network itself."

Communications between home alarm panel, mobile app, and Texecom servers