Galaxy Flex 20 V3 - Hacked?

pto

Hi there,

Could any of you possibly help shed some light on what has happened here?

I have a Flex 20 V3 with the network module, and all my user pins are (were) custom bar the engineer pin which was default. I have the network module open to the outside world via my router so that I can log in using an app such as selfmon on my phone from anywhere. The alarm is just in my home.

So the strangest thing, I go out at 10:25 to go to the shop, set the alarm as normal. I get back in at 11:00 on the dot. After I had swiped the fob to get back in, successfully can I add, the panel started making a noise and when I went to look at it, it had gone through the factory reset process and was at the begin configuration prompt.

Spent ages going back and forth between manual pdf (on my PC in the other room) and configuring the alarm back up somewhere close to where it was, and when I configured the network module again, there were a series of events which were logged between 10:25 when I left and 11:00 when I got back. The screenshot of the app is below. - There's a MEM RESET event, +ENGINEER event, LOC WRITE event, FULL TEST USR event, +INST. SET event and FULL SET event. All just before I got back in.

The question I guess is, is there a series of events which can naturally cause this panel to factory reset itself in this way, or is it a potential that this random alarm panel, on a random port, on a random internet address, at a time just when I was out, has been targeted for attack and the user pin guessed and the actions above done? The latter seems very far-fetched, but not beyond the realms of possibility. Even more strange that it happened only while I was out. I have used both the GX Remote and Self Mon. Anyone heard of any word of one of those apps being 'questionable' (i.e. posting configured set-ups and key-presses to their servers)?

Don't know what to think! Don't want to configure the panel really as much as I had for fear of the thing randomly resetting itself.

Any advice or suggestions welcome.
Jack
 

Attachment: 60568a7c-dae6-4306-b47b-6b263bde8c17.jpg
Galaxy guy could probably advise on this… but it does sound like the panel has restarted rather than been hacked!
 
Jack, as the author of the SelfMon app, I can 100% assure you that the app does not harvest any information from the user. The only information the app ever provides to the platform is the phone's push ID, the SelfMon account number and SelfMon queue ID. The latter two being optional inputs when setting up push reception.

From the log you've posted, there was a mem reset just after you set the system and there was no remote access prior to that. This would suggest that there was no external login/hack and the system reset spuriously. Normally, if the system recovers from a spurious reboot, the system will autoset again - like it did. I'd need to double check the series of events that would normally take place, as it does seem strange that there's an odd eng login, but that may just be the sequence that takes place. Which version of the Ethernet module do you have (Use menu 61.1.Comms viewing COM4), as the older Ethernet modules do have some issues.

One thing I will also add is that you should lock the system down properly if you haven't already done so. That means setting both the RSS and UMS passwords. Unfortunately, you need RSS to do this at the moment.
 

pto

Hi GalaxyGuy,

I pretty much knew no harvesting took place but when presented with that strange set of circumstances the mind goes off on one! Sorry for the insinuation.

Thanks for taking the time to give some thoughts on this one. We use a combo of GX Remote, the RFID fob, your remote or PIN... depends what is nearest/convenient at the time.

The way the day went was like so:

We unset the night alarm when we woke up at 08:51.

At 10:23 we were going out, but as a key had been left in the back door we couldn't lock it from the outside, so we went back in (hence the +EXIT triggers) and performed an Unset at 10:24 (this is all in the log 1 pic)

We took the key out, began a set once again at 10:24, that completing at 10:25. (Log 1 pic) We got back at 11:00 - the stuff following after lunch was me starting to put it back to how it was. (Log 3 pic.)

My ethernet module as per 61.1 reported via your app
ETHERNET
100% CM04 V4.03

The panel is
TYPE-FX020
VERSION 3.50

Have you seen anything like this at all? Am I playing Russian Roulette setting up this panel again - waiting patiently for it to reset itself at the right moment?

Many thanks
Jack
 

Attachments: Alarm log 1.jpeg, Alarm log 2.jpeg, Alarm log 3.jpeg
You have the A083-00-02 module, which doesn't suffer from the issues of the A083-00-01, where a SYN flood or misconfiguration on the network could cause the panel to reset.

It does very much look like a spurious reset which has resulted in the config disappearing. These modern devices run embedded Linux under the hood and they use a flash-based filesystem (JFFS2). This means that you shouldn't pull power on the panels to reboot them. Many do, and it's sometimes difficult not to when installing.

From your log, it seems to me that there has been a filesystem issue and the panel has recovered. When recovering, the filesystem will map out any suspect part of the flash in order that it's not used again. In your case, I think it's mapped out, but has not managed to keep the config file info, so will rebuild that in a new area of the flash. I would keep going with it, but if it does happen again, then the board needs replacing.
 
