M1XEP getting hacked?

[Jeff Pierce]

M1G 5.3.14

M1XEP  2.0.48

I have my M1XEP send me text alerts to my phone every time the M1G is armed or disarmed. Lately I’ve been getting text alerts in the middle of the nights saying the M1G has been armed or disarmed and I’m not doing it. My internet provider is Spectrum and I use their phone app to control my router. The Spectrum app says they are blocking some security threats to the M1XEP during the same hours that I get the text messages from my M1XEP saying the M1G has been armed or disarmed. I have announced sounds muted for arming and disarming at night so I don’t hear this happening from the M1G speaker.

However, when I use M1RP2 and look at the logs I don’t see any attempts to arm or disarm the M1G at those same times.  So to recap, my ISP sees an incoming IP address as a threat attacking the M1XEP and the M1XEP thinks the M1G is being armed or disarmed when this happens. It sends me a text to my phone but the M1G logs say nothing happened. So is the M1XEP susceptible to hacks?

[Brad Weeks]

Because there is no entry for arming and disarming in the M1 log, the M1 is not being armed or disarmed.  Even if someone was able to gain remote access to arm/disarm, the M1 log would show it.  Because it doesn’t show it, it is not happening.

 

Cellular providers do not guarantee text messages.  Because of that you may lose or not receive some or receive duplicates of others.  It sounds like you’re receiving duplicates.  It could be that the M1XEP cannot verify the message was successfully delivered to your SNMP server, so it sends it again. A few months ago when Gmail, Yahoo and perhaps others implemented the App Password feature (learn more https://www.elkproducts.com/email-security-settings-using-app-passwords-for-gmail-and-yahoo-with-the-m1xep/  ) there were several scenarios email/text not being sent then all at once they all were received.

 

The apparent attacks you see on your router are nothing new.  Everyone gets them.  Most don’t even know it.  There are thousands of bad-actors in the world that set up automated programs to scan IP addresses and ports on each IP address.  If they think they found a live address, they will perform targeted probes against known applications, devices, and services.  That is likely what your app is detecting.  Rest assured that the M1XEP is well-protected from any scan, probe or attack, so long as you’ve chosen a good password for in-coming connections.

 

So, to sum up, no one is hacking your M1.  The spurious text messages you receive are probably re-transmissions of messages that were already successfully sent.

[Author]

Posts