Alarm Grid Video Recap: June 15th - 18th

Posted By

It's time for the Alarm Grid Video Recap! There are five (5) new videos this week. For the first time in awhile, I did not appear in any videos. I'll hopefully be back next week. Instead, Jorge really took over, doing four (4) videos. Julia also made a rare video appearance. On with the show!

2GIG Edge: Pair the 2GIG PAD1-345

Jorge shows you how to pair the 2GIG PAD1-345 Keypad with the 2GIG Edge. The PAD1-345 is a very basic keypad device that has been around since the days of the 2GIG GC2. As a very limited keypad, the PAD1-345 can be used to arm/disarm and trigger system panics. The 2GIG PAD1-345 cannot be used to bypass sensors, and it also does not display system status. Additionally, the PAD1-345 can only control the system partition that is has been assigned, and it cannot "switch" to other partitions.

2GIG Edge: Finding the IMEI Number

Jorge shows you how to find the IMEI Number on a 2GIG Edge Alarm System. When working with a 2GIG Edge, the IMEI Number may also be referred to as the panel's Serial Number. This is an important piece of information that you need when activating the system for alarm monitoring service. It is associated with the panel's built-in cellular communicator, which is registered with as part of the activation process. All outbound signals for the 2GIG Edge are sent through

2GIG Edge: Connect to WIFI

Jorge explains how to connect the 2GIG Edge to a WIFI network. The 2GIG Edge can use WIFI connectivity as a secondary pathway for communicating with However, WIFI cannot be the only communication pathway, as requires that a cellular communication path is configured and set up with their servers. Most users will configure the WIFI pathway anyway, as most monitoring providers will not charge extra for internet monitoring, and almost all homes and offices have WIFI readily available.

2GIG Edge: Sending a Cell Test

Jorge teaches you how to perform a cell test on a 2GIG Edge Security Panel. A cell test is performed at the end of the system's activation process, as a way of verifying communication with the servers. You may also perform a cell test at any time after the activation to ensure that the system is still communicating properly. As part of the cell test, the system checks that it can successfully send signals to the servers, and also successfully receive incoming signals from

2GIG GC2: Updating Firmware Using Updater Cable (UPCBL2)

Julia teaches you how to update the 2GIG GC2 using the 2GIG UPCBL2 Updater Cable. Normally, the easiest way to update a GC2 is to activate the system for monitoring service, and then push down an over-the-air (OTA) firmware update from But if you have an old GC2 that is not on a high enough firmware version to get connected with, then you must update using the Updater Cable or the 2GIG UPDV Easy Updater Tool. Alarm Grid also has a 2GIG GC2 Firmware Updates Page that you can check out.

Tags: , , , , , ,


Although there is a Quick Arm option, there is no quick disarm option, so as long as a PIN is never used to arm or disarm the system on the PAD1-345, and therefore can't be captured, then a ne'er-do-well wouldn't be able to capture anything harmful from the PAD1-345. That's the point I was getting at. In 20 years of supporting 345 MHz sensors, most of that with unencrypted sensors (11 of those years spent working for the manufacturer of a large portion of the 345 MHz products that are sold today) I've never seen this happen in real life. Not to diminish the fact that it's possible, it certainly is. But in practical terms, I've never seen it.
Actually, even if you are using it for quick-arming only, there still a risk to your security (just not a risk of your PIN being intercepted). There is a risk by having a PAD1 paired, even if you never use it. In my previous comment, I highlighted the (rather easy to perform) vulnerability of a PIN code being detected through a $25 *receiver* device. But with a little more work and money you can use a *transmitter* device to spoof a PAD1 and disarm the system from your car parked on the street. The easiest way to do this is to perform a "replay attack" in which you capture the disarm signal and then "replay" it later to maliciously disarm the system. (Also may be possible to "replay" a modified supervisory signal). This isn't something the average burglar is going to do, but it is a vulnerability that exists as soon as you pair a PAD1. For most people, it's probably not worth worrying about. But if someone had an unfriendly ex-spouse who was an electrical engineer, I would advise them not to use anything unencrypted.
I assume what you say is true. I don't have the device required to test the process. You can use the PAD1-345 to arm with a single button, if Quick Arm is enabled in the panel Q113 (it is enabled by default). As long as you use it in this way, no code is sent to the panel. So, as long as you use it for quick-arming only, there is no risk. Thanks for posting, we always want any type of security vulnerability to be highlighted.
No one who cares about security should use the PAD1-345. It broadcasts your PIN unencrypted and easy to detect. All someone needs to intercept the signal is a $25 USB gadget sold on Amazon. Plug it into your computer and some open source software from github will tell you exactly which buttons are being pushed. Super easy to detect the signal from a car parked out on the street. It really confuses me why 2GIG didn't create an encrypted version of the PAD1 when they released the rest of their e-series sensors. I'm not sure why 2GIG thinks that a flood sensor needs encryption, but that it is ok for a disarming keypad to be completely unencrypted.

Related Products

2GIG Edge w/ Verizon LTE - Wireless Alarm Control Panel
2GIG Edge w/ Verizon LTE
Wireless Alarm Control Panel
List Price: $570.00
Our Price: $370.99
2GIG Edge w/ AT&T LTE - Wireless Alarm Control Panel
2GIG Edge w/ AT&T LTE
Wireless Alarm Control Panel
List Price: $570.00
Our Price: $370.99