Half Of the Major Internet-Connected Security Systems Are Vulnerable To Jamming
from the not-so-smart-home dept
As usual, the “smart” home isn’t always all that smart, and dumber technology can often be the best option. That’s certainly true in the smart lock realm, where studies repeatedly have shown that many major smart lock brands are easily compromised. The same has reportedly been proven to be of most other “smart” devices, whether it’s smart refrigerators, smart televisions, or even smart Barbies.
You’d think “smart” systems with a focus on security would be better, but not really. Consumer Reports recently took a look at the top ten modern home security systems, and found that half of them could be relatively easily compromised by hackers. Most modern security systems are DIY systems that include a centralized hub, then various door, window, and other sensors you can buy piecemeal. But Consumer Reports found that five major brands could be relatively easily jammed so that the alarm never goes off when an intruder enters your home:
“In a series of new tests, Consumer Reports found that five popular DIY home security systems are relatively easy to jam. That means a burglar can use a laptop and a portable radio frequency (RF) transceiver to block the signals from door/window or motion sensors and enter a home without triggering the alarm. It?s worth noting that any wireless device can be jammed, but there are methods and technologies that make it harder to pull off.”
Of course a hacking-capable intruder needs to know what kind of alarm system they’re trying to jam, which is why it’s a good idea to not advertise the type of alarm system you have via those handy yard stakes or signs (which some people use in substitute for a real alarm system anyway). While such signs can be deterrents, they also advertise which vulnerabilities an intruder should be targeting.
The systems Consumer Reports said were relatively easy to jam were the Abode Iota All-In-One Kit, Cove Home Security System, Eufy 5-Piece Home Alarm Kit, Ring Alarm Security Kit (2nd gen.), and SimpliSafe The Essentials SS3-01. Two of those systems, Cove and Eufy, were also found to be vulnerable to replay disarm signal attacks, where an attacker captures and records the disarm signal from a key fob and later broadcasts it to disarm the security system. Not all of these vulnerabilities are fatal; some detect the jamming, they just do so too late. Others can have sensors jammed, but still record intruders.
That said, when Consumer Reports reached out to the five companies to see if they’d be fixing the jamming issue, only one said they would. And most downplayed the threat as not particularly likely in the real world:
“In order to jam a device, one would have to perfectly execute a highly nuanced protocol with devices specifically tuned and configured for this purpose,? says Gomes-Casseres. ?And even if successful, thanks to SimpliSafe?s built-in detection, customers are alerted, and cameras are queued to record and capture evidence, during jamming attempts.”
Still, it’s yet another example that dumb tech (like say, getting a dog and a dead bolt) still can be a more reliable supplement, if not outright alternative.
Filed Under: smart homes, vulnlerabilities
Companies: consumer reports
Comments on “Half Of the Major Internet-Connected Security Systems Are Vulnerable To Jamming”
Note that hard-wired sensors are vulnerable to the same kind of attack. For a window sensor, for example, the intruder can cut an opening in the glass and either sever the connecting wire or jumper across the sensor (depending on the alarm system) and open the window without the system detecting it. Very few alarm systems have interior motion sensors, which would be harder to deal with, because of problems with false alarms.
Re:
Proper sensors are recessed into the door/window and can only be viewed when those are open. The wires themselves are put inside the frame/sill… none are exposed to be cut, not without a chainsaw.
Furthermore, cutting the wire activates the alarm. They’re NC, and when the wire is cut the alarm sees that just as if the window were opened.
Granted, none of this describes the IoT junk that passes for security systems nowdays, but hard-wired systems aren’t nearly so vulnerable as that. Not even if some cat burglar with a glass cutter is trying to sneak into your lower-middle-priced suburban ranch.
As for whether or not the security companies are right when they claim that jamming is a sophisticated attack that won’t ever happen… card-skimming fraudsters no longer have to return to the gas pump and risk capture because they can download the card numbers from 200ft away over Bluetooth, with card skimmers hard-wired into the original hardware so that they’re 100% invisible to customers and most of the employees.
Anything that becomes software (or even just technology) will happen because it’s easy, cheap, and infinitely repeatable.
Re: Re:
Also, hard wires system can use battery backup and continue to work during a power outage, including remote alarms via the good old copper phone line.
Re: Re: Re: Re copper phone lines
Lot’s of people, me included, don’t have copper phone lines anymore. It is all fiber optic cable. And the ONT (Optical Network Terminal aka in-the-house fiber to copper converter) and router all need 120VAC. Not everyone is in this situation, but it is becoming more common fairly quickly.
Re: Re: Re:2
How significant that is depends on whether or not you have neighbors to hear an external alarm.
Re: Re: Re:2
Your ONT does not require 120VAC. It uses a center-positive 12VDC barrel connector. Run it off a battery too. Or better yet, get a data sim from your carrier and use that instead for the security panel… they could theoretically cut the line, but they aren’t going to semtex the 6 cell phone towers within range just to steal your 4 yr old not-even-4K off-brand television.
Re: Re: Re:3
Well, the battery would need a battery charger, which would require 120VAC (a solar system would not likely be a viable option).
And I am out of range of cell towers, and the cell “booster” that connects to my router also requires 120VAC. Yes, technically it uses 12VDC and could run from a battery, but see above.
Re: Tamper resistance.
A loop through a set of normally closed switches, with a resistor in series with each switch,alarms if the loop is cut, or shorted out changing the loop resistance.
Re: One I like, cant find
I used to install a sensor that worked on Air pressure, which is great for new and tight homes.
Open/break a window or door and it screams.
The Other thing about all this is that a SMART crook will have been in your home to KNOW what they want and how to crack your system, or even setup something to help them get in.
Also talked to a few and noted that trespass ISNT Theft. Getting a picture of them INSIDE your home whne you arnt there is your best chance. But setups can be fun. Hiding the equipment, and camera’s is so much fun.
But do consdier the worst part. 2600mhz is the signal your router and BT use to talk to other devices. It would not be hard to use a device to block this. We already have enough problems with the net connections. And at the very least, you Cut the wire and steal the computers inside. And you are probably good.
Re: Re: Air pressure clock
I seem to remember a curio from 1975 or 1978 that was a clock that was wound by changes in the ambient air pressure.
You are going to need to have the right size leak so fronts coming through don’t set off your sensor!
Your security panel should have a battery backup by default. Your router and gateway are pretty low current and can probably survive on a $100.00 300VA UPS for a day with out mains power input. Alarm system network power fail problem solved. 🙂
Re:
As long as there are no kids, elderly people, disabled people, or dogs, etc at home that would be driven crazy by the incessant beeping of the UPS. And, yes, some of the more sophisticated UPS systems can be configured to not beep, but not most of the less expensive ones.
So a UPS could be an option but there are drawbacks there, too.
Jamming?
Someone ought to define jamming in a way that makes sense.
Techdirt has been hit. My login is no longer valid, and trying to reactivate it took five tries because TD arbitrarily limits the keyspace.
After all that, no crystal ball.
Failure of process is not worth celebrating. Making people use 12 character and no not any 12 characters, only 10. Then add one of the “special chars” (keyspace length: 8 not 26 not 52 not 62) and one uppercase… (keyspace 1/2).
This sucks.
Hope you peeps enjoy it. I won’t be venturing to ever change my password for Techdirt again. NOBODY knew my old one, NOBODY knows my new one, and NOBDOY ever will.
If goodwill is worth something, this was a loss.
Re: Sorry
Hey Ehud,
As we’ve been trying to make clear all over the site, we just did a major, major platform change over the weekend, and have been asking everyone to bear with us through this, and to use the feedback forms to alert us to problems, which we’re working to solve as quickly as we can…
Mike
Re: Re: Even worse
Mike, not making it personal. Respect. Even my “new” login isn’t getting me in now.
I’m still a fan and a supporter of you and your staff. Just letting you know… this is… frustrating. Best of luck during the transition… and no crystal ball and no posting means less reading. This will be a loss to me, for sure.
V/r
Ehud
Re: Re: Re:
If it makes you feel any better, even I don’t have the Crystal Ball. But we’re working on getting it back for everyone (most people who are supposed to do have it, we’re just working through edge cases).
Re:
Hi Ehud – we are working as hard as we can to resolve all the issues. This site migration was a necessary thing for us, and some bugs were inevitable – and we have a very small team but we’re doing what we can to make it as smooth as possible.
We’ll get your Crystal Ball restored ASAP – I’m sorry to hear that this brief disruption impacts your goodwill towards the site.
Nothing smart.
Door and window sliders: use a strong magnet. Place magnet where it affects the receiver (reed switch). Open and close at will. The alarm won’t know you did.
Glass breakage sensor. Place poly vinyl (or Saran sandwich wrap on window. Break. The frequency won’t set the breakage sensor off. Remove wrap and reach in.
IR sensors – spray fire extinguisher into the room. The frozen carbon dioxide will mask any movement.
None of these sensors are smart. NONE are wireless. These cheap mehods will bypass ALL of the sensors typically found in residential or business environments.
You want to learn how to jumper the 66 block so no outgoing calls go to the alarm receiving center? Do you want to know how to easily intercept the human call back confirming a code.. and what to say so they accept it without “password”? Yeah, that too is easy.
An alarm is only as good as the system that it reports to, and most times, that’s not anything useful at all.
E
P.S. Yeah, I do security consulting. Mostly I show businesses how easy and simple it is to get their stuff without getting caught. No, you can’t hire me, but yes, you should read up on what I said. It’s reality. Internet argumentative people will tell you it’s not true — they lie.
Re:
“None of these sensors are smart. NONE are wireless. These cheap mehods will bypass ALL of the sensors typically found in residential or business environments.”
All too true.
The real function of an expensive yet mainly useless security system is twofold; discouraging incompetent burglars and making sure your insurance company has your back.
In reality you can just assume the cost of your security system is an undeclared surcharge on top of your insurance premium.
Alarms
So get an alarm system, and post the sign for a different brand.