![]() ![]() To get some estimation about their popularity we can use an OSINT service such as shodan.io. These devices are popular all over the world. They come in three models IP150, IP150S and IP150+, these product versions differ only in minor ways and all provide the same major functionality, the ability to monitor and control your security alarm over the network. The IP modules run on a STM32F4 MCU with an ARM Cortex M4 CPU, have an ethernet port and connect to the alarm panel and receive power through a serial connection. Our testing was done on the IP150 and IP150+ devices with their latest firmware (5.02.019/5.03.000). If your home, company, or office is protected with one of these security alarm panels in combination with an IP150 module, then it can be fully compromised by relatively simple means, as one of the vulnerabilities we found allows anyone remotely, without any proper authentication to overwrite its firmware with a custom firmware image not only to disarm the physical security, but potentially gain a foothold inside your network. In this article we will show how insecure these widely used devices are and how we could completely disable the security of tens of thousands security systems all over the world. ![]() They are used with their SP, MG and EVO series security alarm panels to enable control and monitoring of the security alarms over the Internet. One of their most popular family of products are the IP150 internet modules. Paradox Security Systems is a Canadian company manufacturing alarm systems and various security devices since 1989. Paradox (In)Security Systems: IP150 Internet Module Hijacking Intro ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |