This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

New LM auto sniffing thru network
#1
Hi.

There is one LM5 connected to a router. I have now connected a new LM to the same router. The new LM is set to TP-UART, but it is not connected to KNX bus. All configurations on the new one is factory set.

Why is the new LM bus sniffing the KNX bus witch is purely connected to the old LM?

BR
Kai-Roger
Reply
#2
LM always listen on ip even when tp is selected. Change multicast to make them invisible on ip.
Reply
#3
(10.04.2019, 22:01)Daniel. Wrote: LM always listen on ip even when tp is selected. Change multicast to make them invisible on ip.

So as long as i have factory setting on the multicast, anyone who gain access to the network, can connect a LM and bus sniff out the information, and take control over the bus trafic?.
I'm not sure if i like the thought of that.
Reply
#4
That is how KNX is designed, you don’t need a LM to sniff and find all communications, you can do the with the ETS as well, there are even apps to scan KNX traffic. 

Now the protocol is moving slowly to KNX secure. Not sure if that’s what we want as it makes it less open and not easy to handle in case of a project that is not programmed by you and you don’t have a .knxproj file. Will be fun (:

BR,

Erwin
Reply
#5
Yes i agree with the most of what you say, but KNX is wired and physically safe from hackers. When i use LM, anyone who hack my Wifi can get access to the bus without any username and password. That 's my concern.
Reply
#6
(11.04.2019, 07:00)Kai-Roger Wrote: ".. but KNX is wired and physically safe from hackers."

I'm not really sure about this...
Reply
#7
This is why in LM you can enable secure communication by adding password in KNX settings. You can disable normal communication too.
Reply
#8
(11.04.2019, 07:35)ferrim Wrote:
(11.04.2019, 07:00)Kai-Roger Wrote: ".. but KNX is wired and physically safe from hackers."

I'm not really sure about this...

Care to explaine why your not sure?

(11.04.2019, 10:51)Daniel. Wrote: This is why in LM you can enable secure communication by adding password in KNX settings. You can disable normal communication too.
Thanks. Will look into it.
Reply
#9
Care to explaine why your not sure?


Maybe we have different sensitivities on this topic but I think that considering physical connections as intrinsically safe is a mistake that can cost you a lot...
BR
Reply
#10
(11.04.2019, 11:28)ferrim Wrote: Care to explaine why your not sure?


Maybe we have different sensitivities on this topic but I think that considering physical connections as intrinsically safe is a mistake that can cost you a lot...
BR

What i'm talking about, is that the KNX cables that are hidden in the walls an junction boxes in a locked house is definitively a much safer case, than the possibility that someone can sit in their car out on the street and hack my bus trafic via wifi and IP gateway. I'm sure you must understand that there is a huge difference regarding the safety in this setting.
Im not talking about the difference between encrypted bus trafic or not.
BR
Reply
#11
(11.04.2019, 11:38)Kay-Roger Wrote: What i'm talking about, is that the KNX cables that are hidden in the walls an junction boxes in a locked house is definitively a much safer case, than the possibility that someone can sit in their car out on the street and hack my bus trafic via wifi and IP gateway. I'm sure you must understand that there is a huge difference regarding the safety in this setting.
Im not talking about the difference between encrypted bus trafic or not.
BR

I agree, the problem remains when we talk about very large plants where vulnerabilities are greater and the attacker can be very motivated
Reply
#12
(11.04.2019, 11:52)ferrim Wrote:
(11.04.2019, 11:38)Kay-Roger Wrote: What i'm talking about, is that the KNX cables that are hidden in the walls an junction boxes in a locked house is definitively a much safer case, than the possibility that someone can sit in their car out on the street and hack my bus trafic via wifi and IP gateway. I'm sure you must understand that there is a huge difference regarding the safety in this setting.
Im not talking about the difference between encrypted bus trafic or not.
BR

I agree, the problem remains when we talk about very large plants where vulnerabilities are greater and the attacker can be very motivated

Yes in large facilities the safety measurements must be much higher. Maybe CanX with encrypted communication can be the solution in the near future (:
Reply
#13
(11.04.2019, 12:00)Kai-Roger Wrote: Yes in large facilities the safety measurements must be much higher. Maybe CanX with encrypted communication can be the solution in the near future (:

I'm really excited about the CanX evaluation kit and I'm sure it will meet expectations!
Reply
#14
My point of view is that the lack of security is one of the biggest KNX issues nowadays. I can imagine I visit a random bathroom in KNX based building, sit on a toilet, unscrew the PIR sensor, connect my laptop to KNX wires and start sniffing packets. I can sniff less or more depending on line couplers configuration but in general there's no way how to prevent me doing it.

I'm curious so my question is: Is there an alternative bus which is:
- cryptographically strongly secured
- Two wires based with power available in these wires
- Reliable in noisy environment
- Routable
- Allows mixing of topology (I mean line, star etc)
- Non master/slave model oriented
LM5Lp, firmware: 2018.08.22, FlashSYS v2, ARMv7 Processor rev 5 (v7l), kernel 4.4.151





Reply
#15
True, but i work with KNX for 30 years now and still need to see the first TP hack..

So is it a hot item? In theory: yes (but that is already 30 years the case), in practice: not so sure..

BR,

Erwin
Reply
#16
(11.04.2019, 14:26)Thomas Wrote: I'm curious so my question is: Is there an alternative bus which is:
- cryptographically strongly secured
- Two wires based with power available in these wires
- Reliable in noisy environment
- Routable
- Allows mixing of topology (I mean line, star etc)
- Non master/slave model oriented

Appart from the "-Two wires based with power available in these wires", isn't this the description for CanX?
BR
Reply
#17
(11.04.2019, 15:32)Erwin van der Zwart Wrote: True, but i work with KNX for 30 years now and still need to see the first TP hack..

So is it a hot item? In theory: yes (but that is already 30 years the case), in practice: not so sure..

BR,

Erwin

I remember a phrase attributed to the Cisco's CEO:
"There are two types of internet connected companies, those that have already suffered an intrusion and those that have not yet discovered it"
I think it could also apply to KNX.
Cheers,
Marcello
Reply
#18
Hi,

This is my personal opinion and not from the company, off course is Schneider Electric implementing security where posssible, also KNX secure. In my opinion is security on the IP side a must, but implementing it on the TP side does raise some question marks if you ask me, we already see a lot older projects where the programming is not available anymore due to a lot of reasons.

Reconstructing a dated site happens quite a few times, what do you think will happen when sites have knx secure?

I personally think we see a lot more sites where reconstruction is needed due to lost encryption details that only the original programmer has.Devices with KNX secure that lost encryption details cannot be unlocked and need to be restored by the manufacturer.

As i never seen any local TP hack, and don’t see any (financial) benefit for any hacker to spend time on it or to even try it, i have question marks if it’s worth all the risks of locked systems.

But again my personal view is that the risk of someone with a laptop in the toilet connectiong to the TP is so low that does not weight up to the risks and issues when encryption details are lost..

BR,

Erwin
Reply
#19
(12.04.2019, 05:53)Erwin van der Zwart Wrote: Hi,

This is my personal opinion and not from the company, off course is Schneider Electric implementing security where posssible, also KNX secure. In my opinion is security on the IP side a must, but implementing it on the TP side does raise some question marks if you ask me, we already see a lot older projects where the programming is not available anymore due to a lot of reasons.

Reconstructing a dated site happens quite a few times, what do you think will happen when sites have knx secure?

I personally think we see a lot more sites where reconstruction is needed due to lost encryption details that only the original programmer has.Devices with KNX secure that lost encryption details cannot be unlocked and need to be restored by the manufacturer.

As i never seen any local TP hack, and don’t see any (financial) benefit for any hacker to spend time on it or to even try it, i have question marks if it’s worth all the risks of locked systems.

But again my personal view is that the risk of someone with a laptop in the toilet connectiong to the TP is so low that does not weight up to the risks and issues when encryption details are lost..

BR,

Erwin

Hi Erwin,
all true, but to complicate the KNX programmers life, there's no need to bother with the encryption keys or other stuff, as long as manufacturers continue to use plug-ins for device programming and life becomes hell ;-)
Ok, now I'm OT
Thank you for your time and have a good day,
Marcello
Reply
#20
https://www.welivesecurity.com/2014/08/0...otel-hack/
Reply


Forum Jump: