IoT Home Alarm System Can Be Easily Hacked and Spoofed

An anonymous reader writes: In the never-ending series of hackable, improperly protected IoT devices, today we hear about an IoT smart home alarm system that works over IP. Made by RSI Videofied, the W Panel features no encryption, no integrity protection, no sequence numbers for packets, and a predictable authentication system. Security researchers who investigated the devices say, "The RSI Videofied system has a level of security that is worthless. It looks like they tried something and used a common algorithm – AES – but messed it up so badly that they may as well have stuck with plaintext."

I'm not surprised

[TWX]

I've worked with security companies that do lower-end security before. They've e-mailed usernames and passwords to me across the Internet.

There's no licensing or aptitude testing necessary to operate a security company. Anyone can form a business and call it a security business, and often people that have no technical background will do it because there's a market to be served, even if they should not be the ones serving it.

If I want IoT I'll make it myself.

[AndyKron]

If I want IoT I'll make it myself. It will be safe because only I will know I have it, and how it works.

The IoT of now and the future.

[geekmux]

This just goes to show you that even with a security-centric product like an alarm system, even basic security features cannot seem to be prioritized over cost or first to market.

Expect thousands more shitty products that lack even the most basic security to hit the IoT market before consumers pull their head out of their a...ah, what the hell am I thinking? Consumers have never given a shit about security or privacy.

It's the very reason shitty IoT is thriving.