Homeowners and security professionals alike have expressed concerns over the emerging Internet of Things. As toasters, refrigerators, and even doorknobs are connecting to the internet, the internet of things is opening homes and businesses to hacking opportunities and possible security breaches. Yet a greater concern exists in residential homes that could open hacking avenues that aren’t even connected to the internet: wireless home alarms.
Two researchers acting separately from the government, their jobs, and even each other, investigated residential wireless home alarm systems to determine their susceptibility for hacking. The results were both similar and concerning, asserting that home alarms can be easily subverted in order to either suppress or trigger false alarms to classify them as unreliable.
Logan Lamb is a security researcher at Oak Ridge National Lab, who looked at three of the United States top brands of home alarm systems. “An attacker can walk up to a front door and suppress the alarm as they open the door, do whatever they want within the home and then exfiltrate, and it’s like they were never there.” The systems he investigated were made by ADT, Vivint, and a third company that asked not to be identified.
Silvio Cesare is a researcher out of Australia who works for Qualys, who looked at more than half a dozen systems popular to his native continent. One of which was Swann, which also sells to the US. Both researcher’s findings were similar and were evident across the various brands.
They were able to uncover two primary problems:
- All wireless systems were dependent on radio frequency signals sent between door and window sensors to a control system. The control system triggers the alarm when any of the pathways are breached.
- The systems fail to encrypt or verify the signals sent, making is relatively easy for a criminal to intercept the signal, give commands, and play back to the control panel in order to manipulate alarms.
Lamb went on to report, “All of the systems use different hardware but they are effectively the same.[They’re] still using these wireless communications from the mid-90s for the actual security.” These antiquated signals leave open the possibility for jamming, which can prevent the alarm from triggering by blocking the signal from the sensors to the control panel. “Jamming the intra-home communications suppresses alarms to both the occupants and the monitoring company.” The danger of this lacking communication is clear.
The problems here reflect that home security companies have work to do. The ways in which signals are sent need to be updated, which is possible given the advancements in technology since the mid-90’s. Additionally those signals need to be encrypted to make it more difficult for savvy thieves to configure. As it is now, devices as cheap as $1,700 can be purchased in order to maneuver around these home systems — which is not a high price to pay considering the investment homeowners have to lose.