There is no protection against voltage spikes on the inputs, there is just the pull-up resistor on the Raspberry Pi input. So this is a weak point. I did consider both EOL resistors and optoisolators when I first got started. But decided against it.
There are dedicated tamper inputs, which runs through the tamper switches in multiple devices before returning to the control cabinet. But EOL resistors would be a better and more secure option. I have thought about using something like an AVR microcontroller to read the voltage level and convert to something the Raspberry Pi could use. Maybe in the future.
I can always make changes in the future — thanks for your input :)
Another weak point I've thought of, which probably applies to many alarm panels with zero knowledge of the correct pin, is what safeguards are there preventing someone from doing replay attacks on the pin entry? I would think a hardlined panel would be more secure.
I agree. The ZigBee protocol is encrypted, but a replay attack is probably still possible. Another advantage of a hard wired panel is that it's not dependent on the Zigbee network being operational, and could be operated on the backup battery for days.
I think many systems fall through if the threat model includes someone watching you and doing a replay attack. But I'd still prefer a hardwired panel TBD. It's just not very easy to retrofit, with hidden cables.
There is no protection against voltage spikes on the inputs, there is just the pull-up resistor on the Raspberry Pi input. So this is a weak point. I did consider both EOL resistors and optoisolators when I first got started. But decided against it.
There are dedicated tamper inputs, which runs through the tamper switches in multiple devices before returning to the control cabinet. But EOL resistors would be a better and more secure option. I have thought about using something like an AVR microcontroller to read the voltage level and convert to something the Raspberry Pi could use. Maybe in the future.
I can always make changes in the future — thanks for your input :)