BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

This Popular Wireless Alarm System Can Be Hacked With A Magnet And Scotch Tape

Following
This article is more than 9 years old.

Residential alarm systems are becoming more popular and affordable due to high-tech competitors to traditional providers like ADT some of which have been in business for more than a century.

These new-generation systems can be simple to sophisticated in their ability to detect entry into your home, and much more. Most are now integrating remote monitoring and control of home automation systems, and this was clearly evident at the recent Consumer Electronics Show in Las Vegas, where an incredible array of life-safety and comfort technology was on display.

You can now remotely monitor the status of your alarm (armed or disarmed), entry and exit, and turn on and off your system from anywhere in the world. Ambient temperature, water leaks, carbon monoxide levels, video cameras, indoor and outdoor lighting, thermostats, garage doors, door locks, and medical alerts can all be controlled from one gateway, via your smartphone, tablet, or computer.

Most alarm companies have also gone wireless when they install the different sensors throughout your home because of the cost and difficulty of running wires. Virtually all of the companies that offer alarm service rely upon a wide array of wireless trips because they are inexpensive, easy to place and install, and reliable. Unfortunately, except for commercial-grade security devices, they are generally not as secure as traditional hard-wired trips.

Depending upon the design of the system and the type of wireless technology, wireless sensors can be very easily defeated by knowledgeable intruders. That is where this story begins.

In 2008, I wrote a detailed analysis of the LaserShield system on Engadget. LaserShield was a nationally-advertised alarm package for residences and business which was and is touted as secure, easy to install, and cost effective. On their web site they tell their customers that it is "security made simple" and “security in a box.” The problem is that there are no shortcuts to secure hardware. When I did the analysis on this system in 2008, I shot a short video in a townhouse that demonstrated just how easy the system was to defeat with an inexpensive walkie-talkie and a more detailed video that showed how the system is supposed to be secure. You can read our report on in.security.org.

At about the same time another company entered the market called SimpliSafe. According to one of its senior technicians that I recently interviewed, the company started in business around 2008 and now has a nationwide following of about 200,000 subscribers for their alarm service.

Fast forward seven years. SimpliSafe is still around and offering a do-it-yourself alarm system that is easy to install, easy to program, and does not require a phone line to communicate with an alarm center. It uses cellular, which means a much more efficient communications path. While the cellular signal can be jammed, it does not suffer from the potential for phone lines being cut by burglars.

SimpliSafe got my attention because they are doing a lot of national advertising and in some respects have a very competitive product to ADT and other major alarm providers, for much less capital outlay for equipment, and cost per month for monitoring. Read my analysis of this system at in.security.org.

While SimpliSafe appears to be far more sophisticated than the LaserShield system (which is still being sold), it is just as vulnerable to methods of defeat. If you read and believe the multitude of national media endorsements that SimpliSafe has received, you would think that this system is THE consumer answer to the larger alarm companies. Yes, it offers a lot of bells and whistles which are very neat at about half the cost of traditional alarm companies. Unfortunately not one of the high-profile and respected media endorsements or articles talked about security, or the potential vulnerabilities of these totally wireless systems.

I obtained a system from SimpliSafe for testing and asked a lot of technical questions of the companies’ senior engineer. We then installed a motion sensor, magnetic door trip, panic button, and communications gateway in a condo in Florida that is owned by a retired senior FBI agent who had weapons, rare art, and a lot of other valuable assets in his home. We produced three videos: one that shows the normal operation and setup of the system, one that demonstrates how to easily bypass all the trips, and one that shows how the magnetic trips they supply can be defeated with a twenty-five cent magnet and Scotch tape from Home Depot.

One major problem is that the sensors are one-way devices, meaning that they send an alarm signal to the gateway when they are tripped. All of the alarm sensors transmit on one frequency, which can be easily determined on the Internet. A radio transmitter can then be programmed for this specific frequency, just like with the LaserShield system. I did it with a readily available walkie-talkie. The problem with this design is that the gateway receiver can be jammed, just like a denial of service (DoS) attack on network servers. The receiver, which must process signals from the alarm trips, is blinded and never gets any notification of an alarm condition.

We walked through the Florida condo for several minutes and never tripped any alarm, including the panic alarm that is built into the key fob. If I had been a burglar I could have stolen guns, valuable art, and lots of other valuables, all by defeating a system that the most respected print and television media in the country have endorsed.

This is reminiscent of what I labelled as the “TV Doctors” who also endorsed an allegedly secure and child-proof prescription drug container that was sold nationally by drug stores and other major retailers. It was not at all secure or child-proof. That company quickly went out of business and the TV Doctors, who by their endorsements tacitly vouched for the security of this product, took down their YouTube videos without addressing the underlying issue.

The public should read with skepticism these kinds of testimonials because they are simply a different and clever way of advertising, usually by reporters and PR firms who do not have a clue as to what constitutes security. Unfortunately, consumers believe these endorsements and trust the media outlet to know what they are talking about. Often, the reporters only understand simplistic issues such as cost, ease of installation, and monthly contracts. But when you are buying an alarm system to protect your family, your home, and your assets, you need to be aware of fundamental security vulnerabilities, because inherent in the term “security system” is the concept of security.

The SimpliSafe system is an affordable alternative to the more costly alarm systems that are designed, installed, and monitored by large national companies. So the question for the consumer is just what constitute security, and how much protection is needed, based upon perceived threats. That requires full disclosure upon the part of alarm vendors, and as I suggested to representatives of SimpliSafe. They should place disclaimers and warnings on their packaging and User Manuals so the prospective purchaser is fully informed and can make an intelligent decision on what to buy based upon their individual needs.

Would you be concerned that your alarm system could be compromised easily by a relatively unskilled burglar with a device that costs less than three hundred dollars? Even more to the point: would you want to advertise to thieves that you had a system that could be easily defeated? Remember that every time you put one of those stickers on your doors or windows, or a sign in your front yard that tells an intruder what kind of alarm system you have installed, also tells them that it can potentially be circumvented.

There are no free lunches in the alarm business and you get what you pay for. So before you purchase any of these systems you should understand exactly what you are getting in the way of protection, and more importantly, what may be lacking in terms of technology and security engineering.

Note: We obtained a current version of LaserShield this month to confirm our 2008 findings. It was just as easy to defeat, as shown in the 2008 video.