Half Of the Major Internet-Connected Security Systems Are Vulnerable To Jamming

from the not-so-smart-home dept

As usual, the “smart” home isn’t always all that smart, and dumber technology can often be the best option. That’s certainly true in the smart lock realm, where studies repeatedly have shown that many major smart lock brands are easily compromised. The same has reportedly been proven to be true of most other “smart” devices, whether it’s smart refrigerators, smart televisions, or even smart Barbies.

You’d think “smart” systems with a focus on security would be better, but not really. Consumer Reports recently took a look at the top ten modern home security systems, and found that half of them could be relatively easily compromised by hackers. Most modern security systems are DIY systems that include a centralized hub, then various door, window, and other sensors you can buy piecemeal. But Consumer Reports found that five major brands could be relatively easily jammed so that the alarm never goes off when an intruder enters your home:

“In a series of new tests, Consumer Reports found that five popular DIY home security systems are relatively easy to jam. That means a burglar can use a laptop and a portable radio frequency (RF) transceiver to block the signals from door/window or motion sensors and enter a home without triggering the alarm. It’s worth noting that any wireless device can be jammed, but there are methods and technologies that make it harder to pull off.”

Of course a hacking-capable intruder needs to know what kind of alarm system they’re trying to jam, which is why it’s a good idea to not advertise the type of alarm system you have via those handy yard stakes or signs (which some people use in substitute for a real alarm system anyway). While such signs can be deterrents, they also advertise which vulnerabilities an intruder should be targeting.

The systems Consumer Reports said were relatively easy to jam were the Abode Iota All-In-One Kit, Cove Home Security System, Eufy 5-Piece Home Alarm Kit, Ring Alarm Security Kit (2nd gen.), and SimpliSafe The Essentials SS3-01. Two of those systems, Cove and Eufy, were also found to be vulnerable to replay disarm signal attacks, where an attacker captures and records the disarm signal from a key fob and later broadcasts it to disarm the security system. Not all of these vulnerabilities are fatal; some detect the jamming, they just do so too late. Others can have sensors jammed, but still record intruders.
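
A recorded disarm signal only works if the hub will accept the same bytes twice. The sketch below is an added example, not code from Consumer Reports or any vendor named here; the frame layout, key, fob ID and function names are all assumptions. It shows a hub-side check that binds each key-fob message to a counter and a MAC, so a captured copy is rejected:

```python
import hmac
import hashlib
import struct

TAG_LEN = 8    # truncated HMAC-SHA256 tag (assumed frame layout)
WINDOW = 64    # how far past the last accepted counter the hub will go

def fob_message(key: bytes, fob_id: int, counter: int, command: bytes) -> bytes:
    """Build a frame: fob_id(4) | counter(4) | command(1) | tag(8)."""
    body = struct.pack(">II", fob_id, counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

class Hub:
    def __init__(self):
        self.fobs = {}  # fob_id -> [key, last accepted counter]

    def pair(self, fob_id: int, key: bytes) -> None:
        self.fobs[fob_id] = [key, 0]

    def accept(self, frame: bytes) -> str:
        if len(frame) != 9 + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:9], frame[9:]
        fob_id, counter = struct.unpack(">II", body[:8])
        entry = self.fobs.get(fob_id)
        if entry is None:
            return "reject: unknown fob"
        key, last = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "reject: bad tag"
        if counter <= last:                         # already seen: a replay
            return "reject: replay"
        if counter - last > WINDOW:
            return "reject: counter out of window"
        entry[1] = counter                          # advance only on success
        return "ok: " + {b"\x00": "disarm", b"\x01": "arm"}.get(body[8:], "unknown")

def demo():
    key = bytes(range(32))                          # constructed sample key
    hub = Hub()
    hub.pair(0x1001, key)                           # constructed fob ID
    captured = fob_message(key, 0x1001, 1, b"\x00") # owner presses disarm
    first = hub.accept(captured)
    replayed = hub.accept(captured)                 # same bytes sent again later
    tampered = hub.accept(captured[:7] + b"\x09" + captured[8:])  # counter edited
    return first, replayed, tampered
```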

That said, when Consumer Reports reached out to the five companies to see if they’d be fixing the jamming issue, only one said they would. And most downplayed the threat as not particularly likely in the real world:

“In order to jam a device, one would have to perfectly execute a highly nuanced protocol with devices specifically tuned and configured for this purpose,” says Gomes-Casseres. “And even if successful, thanks to SimpliSafe’s built-in detection, customers are alerted, and cameras are queued to record and capture evidence, during jamming attempts.”

Still, it’s yet another example that dumb tech (like say, getting a dog and a dead bolt) still can be a more reliable supplement, if not outright alternative.

Companies: consumer reports


Comments on “Half Of the Major Internet-Connected Security Systems Are Vulnerable To Jamming”

20 Comments
TKnarr (profile) says:

Note that hard-wired sensors are vulnerable to the same kind of attack. For a window sensor, for example, the intruder can cut an opening in the glass and either sever the connecting wire or jumper across the sensor (depending on the alarm system) and open the window without the system detecting it. Very few alarm systems have interior motion sensors, which would be harder to deal with, because of problems with false alarms.

Bilvin Spicklittle says:

Re:

Proper sensors are recessed into the door/window and can only be viewed when those are open. The wires themselves are put inside the frame/sill… none are exposed to be cut, not without a chainsaw.

Furthermore, cutting the wire activates the alarm. They’re NC, and when the wire is cut the alarm sees that just as if the window were opened.

Granted, none of this describes the IoT junk that passes for security systems nowadays, but hard-wired systems aren’t nearly so vulnerable as that. Not even if some cat burglar with a glass cutter is trying to sneak into your lower-middle-priced suburban ranch.

As for whether or not the security companies are right when they claim that jamming is a sophisticated attack that won’t ever happen… card-skimming fraudsters no longer have to return to the gas pump and risk capture because they can download the card numbers from 200ft away over Bluetooth, with card skimmers hard-wired into the original hardware so that they’re 100% invisible to customers and most of the employees.

Anything that becomes software (or even just technology) will happen because it’s easy, cheap, and infinitely repeatable.

Upstream (profile) says:

Re: Re: Re: Re copper phone lines

Lots of people, me included, don’t have copper phone lines anymore. It is all fiber optic cable. And the ONT (Optical Network Terminal aka in-the-house fiber to copper converter) and router all need 120VAC. Not everyone is in this situation, but it is becoming more common fairly quickly.

Bilvin Spicklittle says:

Re: Re: Re:2

Your ONT does not require 120VAC. It uses a center-positive 12VDC barrel connector. Run it off a battery too. Or better yet, get a data sim from your carrier and use that instead for the security panel… they could theoretically cut the line, but they aren’t going to semtex the 6 cell phone towers within range just to steal your 4 yr old not-even-4K off-brand television.

ECA says:

Re: One I like, can’t find

I used to install a sensor that worked on Air pressure, which is great for new and tight homes.
Open/break a window or door and it screams.

The Other thing about all this is that a SMART crook will have been in your home to KNOW what they want and how to crack your system, or even set up something to help them get in.
Also talked to a few and noted that trespass ISN’T Theft. Getting a picture of them INSIDE your home when you aren’t there is your best chance. But setups can be fun. Hiding the equipment, and cameras is so much fun.
But do consider the worst part. 2600mhz is the signal your router and BT use to talk to other devices. It would not be hard to use a device to block this. We already have enough problems with the net connections. And at the very least, you Cut the wire and steal the computers inside. And you are probably good.

Ehud Gavron (profile) says:

Jamming?

Someone ought to define jamming in a way that makes sense.

Techdirt has been hit. My login is no longer valid, and trying to reactivate it took five tries because TD arbitrarily limits the keyspace.

After all that, no crystal ball.

Failure of process is not worth celebrating. Making people use 12 character and no not any 12 characters, only 10. Then add one of the “special chars” (keyspace length: 8 not 26 not 52 not 62) and one uppercase… (keyspace 1/2).

This sucks.

Hope you peeps enjoy it. I won’t be venturing to ever change my password for Techdirt again. NOBODY knew my old one, NOBODY knows my new one, and NOBODY ever will.

If goodwill is worth something, this was a loss.

Ehud Gavron says:

Re: Re: Even worse

Mike, not making it personal. Respect. Even my “new” login isn’t getting me in now.

I’m still a fan and a supporter of you and your staff. Just letting you know… this is… frustrating. Best of luck during the transition… and no crystal ball and no posting means less reading. This will be a loss to me, for sure.

V/r

Ehud

Leigh Beadon (profile) says:

Re:

Hi Ehud – we are working as hard as we can to resolve all the issues. This site migration was a necessary thing for us, and some bugs were inevitable – and we have a very small team but we’re doing what we can to make it as smooth as possible.

We’ll get your Crystal Ball restored ASAP – I’m sorry to hear that this brief disruption impacts your goodwill towards the site.

Ehud Gavron (profile) says:

Nothing smart.

Door and window sliders: use a strong magnet. Place magnet where it affects the receiver (reed switch). Open and close at will. The alarm won’t know you did.

Glass breakage sensor. Place poly vinyl (or Saran sandwich wrap) on window. Break. The frequency won’t set the breakage sensor off. Remove wrap and reach in.

IR sensors – spray fire extinguisher into the room. The frozen carbon dioxide will mask any movement.

None of these sensors are smart. NONE are wireless. These cheap methods will bypass ALL of the sensors typically found in residential or business environments.

You want to learn how to jumper the 66 block so no outgoing calls go to the alarm receiving center? Do you want to know how to easily intercept the human call back confirming a code.. and what to say so they accept it without “password”? Yeah, that too is easy.

An alarm is only as good as the system that it reports to, and most times, that’s not anything useful at all.
E
P.S. Yeah, I do security consulting. Mostly I show businesses how easy and simple it is to get their stuff without getting caught. No, you can’t hire me, but yes, you should read up on what I said. It’s reality. Internet argumentative people will tell you it’s not true — they lie.

Scary Devil Monastery (profile) says:

Re:

“None of these sensors are smart. NONE are wireless. These cheap methods will bypass ALL of the sensors typically found in residential or business environments.”

All too true.

The real function of an expensive yet mainly useless security system is twofold; discouraging incompetent burglars and making sure your insurance company has your back.

In reality you can just assume the cost of your security system is an undeclared surcharge on top of your insurance premium.

nasch (profile) says:

Alarms

Of course a hacking-capable intruder needs to know what kind of alarm system they’re trying to jam, which is why it’s a good idea to not advertise the type of alarm system you have via those handy yard stakes or signs (which some people use in substitute for a real alarm system anyway).

So get an alarm system, and post the sign for a different brand.
