Ajax encrypts data using its own proprietary floating key protocol. This protocol is resistant to breaking: even with the power of a supercomputer, it will take years to break the key by a Brute-force search.
Let’s assume a situation where an attacker was able to compromise the key. In this case, the protocol is still protected by the session counter: a new encryption key is generated within each device-hub communication session.
Even if an attacker bypasses the session counter, he will be stopped by device authentication: a secure communication channel is created between the detector and the hub, followed by an ID check.
Each device has a personal ID by which the hub recognizes it.
If the device fails the ID check, the hub will ignore its commands.
Moreover, the hub will detect the loss of the Ajax device that the attackers want to replace with the fake one. The detection time depends on the device type: 3 seconds for wired Ajax devices and the time set in Jeweller settings — for wireless ones. The lost connection notification will be sent to the security company and system users.