Researchers have identified several high-severity vulnerabilities in the Videofied alarm system offered by RSI Video Technologies.
France-based RSI Video Technologies provides physical security solutions for residential, commercial and outdoor facilities, including critical infrastructure and construction sites. The company says its wireless security products have been deployed in more than 70 countries.
Videofied is a wireless alarm system designed to send alerts and videos when an alarm is triggered.
Researchers with UK-based security consultancy Cybergibbons analyzed W Panel, one of the Videofied control panels designed for use in residential, small business and enterprise environments. The W Panel is capable of transmitting videos and alarms over Ethernet, Wi-Fi and GPRS to ensure that police can quickly be alerted to a crime in progress.
One of the problems found by experts is that the authentication between the panel and the server is based on a key that is derived from the device’s serial number, which can be easily obtained by an attacker since it’s transmitted in plain text. This issue has been assigned the CVE-2015-8252 identifier.
Another vulnerability is related to the fact that the authenticity of the data is not properly verified, allowing an attacker to spoof messages in an effort to send false alarms and even deactivate alarms. This security hole has been assigned CVE-2015-8254.
Experts also determined that communications are not encrypted – messages are sent in plain text and videos are sent as MJPEG files (CVE-2015-8253).
These vulnerabilities allow a remote attacker to spoof alarms and intercept data, including videos, researchers said.
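The sketch below is an added example, not code from Cybergibbons, RSI or Frontel. It shows why a key computed from a serial number sent in plain text authenticates nothing, and how a randomly provisioned per-device key with a nonce-and-counter MAC rejects both serial-only and replayed messages. The SHA-256 derivation, the `Server` class, the message layout and the sample serial are all assumptions made for illustration; the real protocol details are not in the article.

```python
import hashlib, hmac, os

def weak_device_key(serial: bytes) -> bytes:
    # Assumed stand-in for "a key derived from the serial number"; the
    # article does not give the real derivation.
    return hashlib.sha256(serial).digest()[:16]

def tag(key: bytes, nonce: bytes, counter: int, msg: bytes) -> bytes:
    # MAC binds the message to a fresh server nonce and a message counter.
    body = nonce + counter.to_bytes(8, "big") + msg
    return hmac.new(key, body, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.keys, self.last, self.nonces = {}, {}, {}

    def enroll(self, serial: bytes, key: bytes) -> None:
        self.keys[serial], self.last[serial] = key, 0

    def challenge(self, serial: bytes) -> bytes:
        self.nonces[serial] = os.urandom(16)
        return self.nonces[serial]

    def accept(self, serial: bytes, counter: int, msg: bytes, mac: bytes) -> bool:
        nonce = self.nonces.pop(serial, None)   # each challenge is single-use
        key = self.keys.get(serial)
        if nonce is None or key is None or counter <= self.last[serial]:
            return False
        if not hmac.compare_digest(mac, tag(key, nonce, counter, msg)):
            return False
        self.last[serial] = counter
        return True

def demo() -> dict:
    serial = b"SN-CONSTRUCTED-0001"     # constructed sample; sent in plain text
    msg = b"ALARM zone=1"               # constructed sample message
    derived = weak_device_key(serial)   # computable by anyone who sees the serial
    out = {}
    for name, key in (("weak", derived), ("hardened", os.urandom(32))):
        srv = Server()
        srv.enroll(serial, key)
        n = srv.challenge(serial)
        out[name + "_serial_only"] = srv.accept(serial, 1, msg, tag(derived, n, 1, msg))
        n = srv.challenge(serial)
        good = tag(key, n, 2, msg)
        out[name + "_genuine"] = srv.accept(serial, 2, msg, good)
        srv.challenge(serial)
        out[name + "_replay"] = srv.accept(serial, 2, msg, good)
    return out
```

This covers authentication and integrity only; the plain-text transport described under CVE-2015-8253 would additionally need an encrypted channel such as TLS.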
According to CERT/CC, the vulnerabilities exist in Frontel, a software package used by Videofied customers for monitoring alarms. Frontel uses a custom protocol running on TCP port 888 for communications with the server.
“The RSI Videofied system has a level of security that is worthless. It looks like they tried something and used a common algorithm – AES – but messed it up so badly that they may as well have stuck with plaintext,” Cybergibbons said in a blog post.
The company said it found the vulnerabilities in mid-2015 after testing the latest W Panel. CERT/CC, which was notified after the vendor failed to respond to Cybergibbons for six weeks, says the vulnerabilities have been patched with a Frontel update that introduces version 3 of the communications protocol. Users are expected to receive the update by the end of December.
Cybergibbons specializes in penetration testing of IoT devices and embedded systems. Last year, the company reported finding serious vulnerabilities in Wi-Fi thermostats from Heatmiser.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
