powerg security

The PowerG security tag covers vulnerabilities in Johnson Controls' PowerG radio protocol and IQ family devices (IQPanel, IQPanel 2/2+/4, IQHub). Recent discussions detail multiple cryptographic and authentication weaknesses, including cleartext key material, nonce reuse, weak pseudo-random number generation, and missing origin validation. These flaws enable eavesdropping, replay attacks, packet injection, and device misconfiguration on alarm and sensor networks. The vendor recommends firmware updates, careful pairing procedures, and replacement of end-of-life models. This tag is relevant for security professionals and system administrators managing PowerG-based alarm systems.