Help Forum

Encryption upgrade or not?

Support Encryption upgrade or not?

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #284863

    Sixto
    Participant

    Now that I’ve upgraded from the Qolsys IQ1 to the IQ2+ panel, deciding what to do about encryption.

    I do have a few S-Line sensors and I’m replacing a few of the older non encrypted sensors for key areas such as the doors.

    The key question is why do I care about encryption for all of the other locations.

    What type of replay attack could be possible that I care about?

    As an example … if I have 20+ windows … all non-encrypted Qolsys sensors … and someone tries to break-in through a window, wouldn’t the sensor still send the unencrypted “open” signal to the panel, and no matter what anyone did the panel would still see the trigger.

    Just trying to justify why I would want to replace any of the window sensors. This is not a financial question, purely technical.

    I’m definitely changing out the door sensors to S-Line, and I’m thinking that I should change out the motion sensors to S-Line as well, because someone could track all movement in the house with unencrypted motion sensors, but why would I replace all the window sensors? What could happen?

    And forget about the financials, this is purely a security question. I’m not sure how unencrypted window sensors can cause a security exposure, but very willing to be educated! 🙂

    Also, when a S-Line sensor enrolls for the first time and then encrypts all signals going forward, does it then never send any unencrypted signals ever? I’m asking because I thought that the Qolsys sensors were all 1-way, so how does the sensor know that it’s a panel capable of encryption? Does it always send both unencrypted and encrypted, or switch to encrypted only for panels that support encryption.

    Thanks!

    #284876
    Jason
    Jason
    Surety

    Encrypting the data transfer between sensor and panel with S-Line sensors means that only the panel will be able to read the status of the sensor transmissions as it has the proper encryption key.

    Think of it as the difference between plain text and encrypted text. Someone with the right rf listening equipment could listen to unencrypted sensor transmissions and know the status of doors/windows, and this would give the ability to spoof the signal, repeating the captured transmission, making the panel think the sensor is in one state when it is in another. This is of course more rare than brute force entry, but it is a concern, and a weakness of unencrypted systems.

    Encrypted sensors are objectively more secure than unencrypted sensors, and Power G sensors are objectively more secure than S-Line with their added frequency hopping.

    An encryption code is synced with the IQ Panel 2 at the time of enrollment. As I understand it, the panel confirms this with the sensor radio. If it is enrolling with a panel that does not support encryption and does not sync this encryption key, it functions as an unencrypted sensor. If enrolled with a Qolsys IQ Panel 2, it only functions as an encrypted sensor.

    #284877

    Sixto
    Participant

    Thanks Jason.

    So it seems like what you’re saying is that once an S-Line sensor enrolls as an S-Line sensor (encrypted), it never sends anything unencrypted, which is what I would hope. I wasn’t sure how this was possible if the sensors were totally 1-way, but maybe they are 2-way at enrollment?

    My concern was whether the sensor would send both non-encrypted and encrypted for compatibility.

    The more that I think about this, this can’t be true, because then how does the IQ1 and IQ2+ co-exist? I never de-enrolled (deleted) the sensors from the old panel. Should I delete from the old panel, to stop the unencrypted transmissions?

    Also, still interested in how switching a window sensor from unencrypted to encrypted makes it more secure when armed. It seems like once it triggers (“open”), there’s nothing a thief could do to stop that signal other than jamming the frequency, which has nothing to do with encryption. And if they replayed a “close” it still would have triggered the alarm.

    I’m more interested in this topic for the motion sensors. Once I switch to S-Line motion sensors, trying to verify that the motion sensor will never send an unencrypted signal, thus no one can track movement in the house.

    Thanks again for insight.

    #284880
    Jason
    Jason
    Surety

    An individual could spoof the signal to cause false alarm events, or more likely a concern with regard to your question, send a number of rapid close signals from that sensor id, which can result in opening the window or door without it’s actual transmission reaching the panel.

    My concern was whether the sensor would send both non-encrypted and encrypted for compatibility.

    The more that I think about this, this can’t be true, because then how does the IQ1 and IQ2+ co-exist? I never de-enrolled (deleted) the sensors from the old panel. Should I delete from the old panel, to stop the unencrypted transmissions?

    I understand the concern, as far as I understand from Qolsys, the sensor signals one or the other based on what it is learned into. I am sending Qolsys a message to confirm the mechanism for how the panel and sensor both determine encrypted vs unencrypted. (I’ll also verify if they are learned into both IQ and IQ panel 2, is it intended that both encrypted and unencrypted function) I will follow up here with further clarification from the manufacturer.

    #284950
    Jason
    Jason
    Surety

    This is a really good question. Thinking about it and digging into it beyond the manuals, there is really no way a one way communication sensor would be able to toggle transmission without a local switch of some kind to control it. The tech support individual replying hasn’t stated definitively yet, but the sensor would be broadcasting in both formats always. Apologies for the confusion.

    The whole point in this case would be that when learned into the IQ Panel 2, you are selecting the format the panel is listening to. This eliminates the possibility of repeating the transmissions to undermine the panel security. The panel simply doesn’t listen to unencrypted transmissions from that sensor ID.

    #285044

    Sixto
    Participant

    Thanks Jason. Yep, that’s what I thought, just wanted to verify.

    I did just swap out the key fob tonight to S-Line. That was a no brainer.

    Not yet sure what I’m going to do with some of the other sensors. I may just leave most as unencrypted for now.

    There were two items: 1) communication to the panel, and 2) eavesdropping on the activity in the house.

    It seems like S-Line solves #1, but not #2, which was what I was trying to verify. This is for S-Line only. PowerG is always encrypted, thus no issue there.

    The only other sensor that I’d love to upgrade is the IQ Pin Pad, which my wife uses quite often. I could upgrade to an IQ Remote panel but that’s such overkill for what we need. Hopefully they’ll have an S-Line Pin Pad some day.

    If you hear anything else, would be interested. Thanks again.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Value Proposition

Your home is your domain.
Connecting you with it is ours.

Learn about Surety whole home automation and security.

Just need cameras? Check out Surety 24/7 AI powered video.

Whether you’re a security system novice or a seasoned pro, everything we do is designed to make monitoring your Surety Home incredibly simple and enjoyable.

Guy Relaxing in Chair
New title
Five out of five star rating.

“Surety is amazing!… The service, pricing and most importantly documentation/guides/videos have all been phenomenal… I would highly recommend Surety if you are comfortable doing it yourself; you’ll be happy you did!”

Isaiah W. , Facebook Review , 1/09/2019
Five out of five star rating.

“I was able to setup my whole home security system in an afternoon. It’s worked great ever since… I installed my system over a year ago, and Surety has stood the test of time. I would highly recommend them to friends and family.”

Dallas L. , Austin, TX , Yelp , 12/03/2014
View more
Plans

We offer plans to fit everybody’s needs.

Shop Plans

No products in the cart.