Results 1 to 8 of 8

Thread: Why you should change your Installer code NOW (2GIG/Vivint)

  1. #1
    Senior Member
    Join Date
    Feb 2014
    Location
    WV
    Posts
    385

    Why you should change your Installer code NOW (2GIG/Vivint)

    Are you using the 2GIG Vivint Go!Control panel in your business? Or is your panel accessable to others? If so, they can easily obtain your master user code, and all other user codes on the panel, and even create their own backdoor user code.

    Alert!!! This panel has another known vulnerability and has been hacked and compromised. For more info, see:
    http://www.2gigforum.com/threads/129...?p=288#post288
    The default installer code can be used to access a system that is in a disarmed state, and view the User codes including the master code, and change or create a new code.

    If a potential unauthorized user gains access to your panel in the unarmed state, using the installer code gives access to all installed user codes screen, and will even allow creation of a new user code, or change of a current user code.This code trumps the master/ other user codes (try it and see)

    For a Vivint system that is armed, 2580 will disarm it. (This is supposed to be a secret duress code, but since it is all over the internet it isn't very secret) Ideally, this works best if you open up panel and remove/disconnect cellular module antenna so panel cannot communicate/send out a duress signal.

    Code 2203 is an equivalent to a MASTER master user code.



    This is a known potential security vulnerability (the fact that the Installer code has the ability to access/change all programmed User codes, and that 2gig uses the same default installer code, and that APX /vivint also uses the same default code for ALL go control systems (this may apply to other branded panels, where the default 2GIG code is left default)). Common sense dictates you need to be proactive in your own security, and change this to something only you would know.

    As I said this code can be found online by anyone with a simple Google search for either the 2gig installers programming guide, or vivint/apx installer code

    For example:
    Google search for "Vivint installer code"
    https://www.google.com/search?q=vivi...spv=1&ie=UTF-8

    Google search for "2gig installer code"
    https://www.google.com/search?q=2gig...spv=1&ie=UTF-8
    2gig default: 1561
    Apx/vivint: 2203

    Try it yourself

    Disarm panel, then from the main screen...
    Security>Menu>toolbox>enter the Vivint code/2gig code as shown above>user management


    If you currently have a 2gig, or any branded 2GIG panel, especially if it is a apx/vivint branded one, and it is using the default, then change your installer code! (else one day someone may just walk into/break in/kick the door to your home in while you are away (or home sleeping), disable/disarm your system, clean you out/hurt you, then rearm your system upon departure. Thus, your security system has just been rendered ineffectual and completely useless.

    By not changing the default code, you might as well be giving a User code to everyone you allow entry into your home. Less than 30 seconds is all it takes to view master, and all other user codes, or even create a new one...and if they like what they see in your home, they may just return one day or night, whether you are home or not... Don't take that chance!

    Unfortunately for most Vivint customers, you cannot prevent this exploit, you have to have Vivint change Q43 in programming due to their Draconian polices which prevent their customers from making changes to the configuration

  2. #2
    Thank you, Changing the installer code is an important piece of eliminating a potential security issue. I've got an instructional video showing how to change the code from the 2GIG Go!Control Panel here -

    Last edited by Amanda; 02-12-2014 at 11:23 AM. Reason: Embedding video for easier access

  3. #3
    Quote Originally Posted by rive View Post
    Unfortunately for most Vivint customers, you cannot prevent this exploit, you have to have Vivint change Q43 in programming due to their Draconian polices which prevent their customers from making changes to the configuration
    Any success with getting Vivint to change Q43 to allow this?

    What would be the benefit of disarming with a duress code? Wouldn't that automatically cause the central monitoring station to be on alert and possibly dispatch police?

  4. #4
    Senior Member
    Join Date
    Feb 2014
    Location
    WV
    Posts
    385
    Quote Originally Posted by agogley View Post
    Any success with getting Vivint to change Q43 to allow this?

    What would be the benefit of disarming with a duress code? Wouldn't that automatically cause the central monitoring station to be on alert and possibly dispatch police?
    I doubt Vivint will do it, a User needs to get them to reset lockout, and then do it themselves.

    As for duress... Vivint currently has 700,000 customers. Approx half of those are running the old discontinued cellular modules (2G GSM1- GSM7), including all T-Mobile modules), parts of Florida, and California have already reassigned the spectrum, in the next year or so almost all the AT&T 2G modules will go offline everywhere.

    An easy way to tell..is to look at your firmware version, if its below 1.9.4 (Verizon 3G), or 1.9.6 (3G Rogers/AT&T) its a gaurantee you are running the discontinued 2G modules, and your panel is no longer monitored, or will shortly be unmonitored.

    You can also check by opening panel and looking at the sticker, On the module with antenna connected to it, if it says "GSM" is a 2G module.

    To check firmware: click security>menu>toolbox>enter master user code>right arrow>version

    This means those Users may not have active monitoring, and Vivint isn't telling them. They are happy to take their monthly fees anyways. A lot won't even know till the mobile/arm disarm, and home automation start having issues. Watch their Facebook page, and when you see complaints regarding this issues, you will know that the area just went offline...Cali and Florida are going offline now...

    That User 8 duress code will disarm the panel just like any other User code...and if panel isn't actively monitored...

  5. #5
    Quote Originally Posted by rive View Post
    I doubt Vivint will do it, a User needs to get them to reset lockout, and then do it themselves.

    As for duress... Vivint currently has 700,000 customers. Approx half of those are running the old discontinued cellular modules (2G GSM1- GSM7), including all T-Mobile modules), parts of Florida, and California have already reassigned the spectrum, in the next year or so almost all the AT&T 2G modules will go offline everywhere.

    An easy way to tell..is to look at your firmware version, if its below 1.9.4 (Verizon 3G), or 1.9.6 (3G Rogers/AT&T) its a gaurantee you are running the discontinued 2G modules, and your panel is no longer monitored, or will shortly be unmonitored.

    You can also check by opening panel and looking at the sticker, On the module with antenna connected to it, if it says "GSM" is a 2G module.

    To check firmware: click security>menu>toolbox>enter master user code>right arrow>version

    This means those Users may not have active monitoring, and Vivint isn't telling them. They are happy to take their monthly fees anyways

    That User 8 duress code will disarm the panel just like any other User code...and if panel isn't actively monitored...
    Thanks for the information, I will check that out today/tonight and report back (regarding the 2G/3G issue). I'm still being actively monitored (had the police out not long ago on a false alarm) as of now. I'd be pissed if I wasn't being monitored. That's the whole reason I got the system activated in the first place (I had wired alarm system in house when built but never activated until last year with Vivint.

    Is Vivint replacing the modules? (I assume only when the customer complains?)

  6. #6
    Senior Member
    Join Date
    Feb 2014
    Location
    WV
    Posts
    385
    Yep..when you complain...

    But then they try to get you to renew contract for another 42-60 months, and offer the CP2 panel (and pretty much reprogram all your sensors into it)

    My suggestion is to do what I did, request (from night tech support) a firmware update (I don't think they offer their customers the newer firmware, so you will be stuck with 1.9.6)
    Then from the same tech support rep, request the 3G module....make sure to ask for the right one.

    See what you need here:
    Cellular Coverage Check

  7. #7
    Ok, thanks for the info. I'm running 1.9.6 which you said is indicative of AT&T 3G. I tried entering the serial number into the surety site referenced in the other thread and got this message: "Sorry, your Alarm.com cellular module 800XXXXXXX can not currently be used with a new Alarm.com account. It is aleady registered with an Alarm.com provider."

    Are you saying I should now call night tech support and get a firmware update to something newer than 1.9.6? Or are you saying they just can't do that at all?
    Last edited by rive; 04-30-2014 at 09:22 PM. Reason: removed cellular module serial

  8. #8
    Senior Member
    Join Date
    Feb 2014
    Location
    WV
    Posts
    385
    Quote Originally Posted by agogley View Post
    Ok, thanks for the info. I'm running 1.9.6 which you said is indicative of AT&T 3G. I tried entering the serial number into the surety site referenced in the other thread and got this message: "Sorry, your Alarm.com cellular module 8000613279 can not currently be used with a new Alarm.com account. It is aleady registered with an Alarm.com provider."

    Are you saying I should now call night tech support and get a firmware update to something newer than 1.9.6? Or are you saying they just can't do that at all?
    Last time I checked, Vivint doesn't offer its customers newer firmware (see current firmware). You can do it yourself though (you will need the $24 update cable) see firmware downloads discussion board.

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •