TL;DR: when the technician put hands on my device, disabled NTP (unattended time updates from internet) and locked settings with a password so I’m forced to pay him €50/hour to change the time
The year is 2018: there was a burglary in my building and my SO begged me for an alarm system. Perfect, so I ordered immediately a 3G Arduino shield and some PIR sensors.
WTF is that, you’re not going to DIY that shit, right? I want something that works all the time and doesn’t require any fiddling, no wireless sensors that go out of battery and you will notice after years. And I don’t want flying wires everywhere, call a professional that will run cables in existing conduits
So I searched for a fully wired solution that didn’t have any subscriptions/servers/internet/apps yet allow remote control and call police when required (commercial solutions with a certification can directly interface with police) and that with professional installation didn’t cost an arm and a leg. And that allows easy change of settings in the future.
The day of install, the technician tells me “give me the sim card” - to which I reply “it’s ok I install it later when you’re done” but to my dismay he said “no, the system must be bound to the sim card serial number using the installation tool”.
Fuck! I totally overlooked this! So i run to the city searching for a company that gives me a reasonably priced IOT sim card and do it immediately. Luckily I found one and I come back in time after a couple hours, he was almost done and I notice that he’s not setting it up using the main unit screen, but instead was using his laptop via serial.
“Huh? I thought it could be set via the screen”
"Yes, but via computer I have access to more settings "
And I didn’t pay attention to this sentence until now.
I had to remove electricity for a couple hours to install some Shelly relays in the light switches, when I was done the alarm said “RTC error, set time again”.
Ah yes, after all those years the battery is dead = dead RTC. It’s ok, I take the user manual and see how to change the time, but the menu doesn’t show that. Huh? How? The manual states also that it could update via NTP if internet is available or via GSM cell info if no internet is available. Perfect! So I wait for one day and… nothing. Wait a couple more… nothing.
I finally call support: they tell me that if the menu is missing, it’s because the tech used their special software over serial to hide time setting and NTP, for “security”, as an attacker could disable the alarm by doing a MITM over the NTP and change the time to daytime and get the alarm disable by itself with the timer
Conclusion : I have to pay 50-100 euro to someone come to my house to personally do something as trivial as just change the time
Name the company that allows this. Everybody else would like to know who the offender is.
Satel (Poland)
Come on now! Satel is the manufacturer! AFAIK. And as I said in another comment - this shit is simple as f**k!
Don’t blame alarm systems manufacturer for poor/predatory service of your local security company.
I’d rather buy usb to serial converter, search for service manual and try default passwords
I agree, but with a security device this is probably not the best idea. Any kinds of tampering physically would most likely trigger the alarm, sometimes in a way that can only be fixed by calling a tech. Software tampering if you do get it connected would probably have the same result.
We’ve had this at work once, they were doing some remodeling and somebody accidentally hit a sensor with a large machine. The sensor was destroyed and the alarm went off (even though it wasn’t even “on” at the time, as it was in the middle of a day). No codes on the panel could turn off the alarm, not even our super duper override code. We called support, they gave us a temporary override code and even that one didn’t work. They said with physical tampering a tech must come by on location to tell the system all is OK. We had to work for 4 hours that day with the most annoying alarm sounds in the background. The worker that hit the sensor was very embarrassed about it.
And it did not occur to you to disconnect the siren? :D
I don’t know what country you are from and what you use but you are extremely overestimating the level of complexity of these “security devices”.
Everything is clearly described in installation and service manuals. Everything is available from the manufacturer. You can install these systems DIY if you’d like. Disconnection of a sensor is a security event which triggers alarm no matter if it was armed or not. How to handle this is described in manual. The shitty support that couldn’t handle it speaks volumes about their competence.
The service codes which should be unique to each client and installation are reused on every system that given contractor installs. After a brief gig my brother had as a technician, he knew service codes for all banks and jeweleries in the radius of 150km… That disarms the alarm at wish and can modify settings :)
And you are worried that you might compromise the security by DIYing it? :)
Yeah, and even then, if you’re worried about it triggering the alarm, just contact your local dispatch ahead of time and be like, hey, I’m trying to modify my alarm and my service company is not being cooperative with me. So if you get an alarm to my address within the next like two or three hours, disregard it means I messed something up. Local dispatch will be more than understanding
the inability to manage my own system would be a solid “yea never mind this isn’t what I wanted” and shipping the device back. it probally wouldn’t be a full refund but, that’s the cost for me making a mistake like that. I’ll be damned if in not going to be able to access my own alarm panel. I would be firmly against any setting not being in a user accessible location regardless if it’s a time thing.
Hopefully op had the tech enable all settings on the main panel cause that’s such a shitty money grabbing practice. Just lock the ability to change time behind a service code on the main panel. incorrect code = alarm is triggered.
I don’t think it’s highly likely that an attacker is going to hack their way in to a domestic apartment.
Yes that’s why is bullshit
