Update: the full report into the issues I found with the CS2300-R boards has been published.
Update: The posts are being republished November 2015.
As part of my reverse engineering of the CSL Dualcom alarm signalling boards, I have uncovered some issues that I would classify as vulnerabilities. I have recently informed CSL Dualcom about one the issues, alongside tweeting some rather unexpected findings about the encryption used.
In response to this, CSL Dualcom have requested that I remove the blog posts and tweets until I meet with them. I have decided, out of courtesy, to hide the posts for now. This is not an admission of any wrong doing, censorship of my posts, or response to legal threats.
As always, my approach to vulnerability disclosure is to follow the model of responsible disclosure. As this is an embedded system with a very large deployment, it would only be reasonable to have an extended period for the vendor to respond.