Questions for CSL Dualcom

When CSL made their statement last Friday, it was noticeable that they didn’t actually claim that any of my report was false. To me, that implies that the content of the report is true.

CSL should be answering questions right now, but are maintaining silence.

If you are a big customer of CSL, I would be asking:

  1. What encryption methods do your new devices, the Gradeshift and DigiAir, use?
  2. How often are the keys changed on these devices?
  3. If there was a serious security issue requiring the firmware to be updated, who pays for it?
  4. Do these devices have SMS controls? If so, what is the PIN and how do I change it?
  5. Are any of the device in my estate using the encryption mentioned in the report?

I suspect answers won’t be forthcoming.



3 thoughts on “Questions for CSL Dualcom

  1. Permalink  ⋅ Reply


    November 26, 2015 at 12:22pm

    Their statement does say they’ve followed your advice dude and made fixes. Nice work. I suspect most installers are only going to give a damn though if a robber can use it as part of a heist. Not sure how them making a statement is maintaining silence. Nice to get a vendor that actually responds with fixes and not with ignorance.

    • Permalink  ⋅ Reply


      November 27, 2015 at 5:23pm

      The problem is that fixing these issues still won’t build a secure system, or a secure company.

Leave a Reply

Your email will not be published. Name and Email fields are required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.