Reply to post: Hard then simple

Researcher criticises 'weak' crypto in Internet of Things alarm system

MachDiamond Silver badge

Hard then simple

Many crack jobs DO require a very knowledgable person to be the first in finding a security flaw. Once the secret is out, it's only a short amount of time before somebody has coded a bit of software to exploit the vulnerability and it's a piece of cake for anybody to break in with only enough brains to manage Sunday cartoons.

Company's/Developers should only enter the security devices market if they will spend the time to build a competent product. They should also bring in outside testers to try and circumvent their products.

Scenario:

A burglar combs the listings of homes for sale in a high priced neighborhood and sees some pictures of a home with stuff that can be resold without a fuss. The estate agent was being very helpful by stupidly taking a close up picture of the alarm panel to show potential buyers that the home has an alarm system. Now the burglar has a fair inventory of what his haul could be and the particulars of the alarm system. A little bit of searching online and/or some consulting with others in his trade and he will have an idea on how to bypass the alarm. Since the best return is made by burglarizing high end homes and those homes ubiquitously have alarms fitted, professional thieves are much more tech savvy than many start up alarm system companies think. If all it takes is a tablet and some sniffer software, thank you very much.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019