Wireless home security systems can be easily subverted to either suppress the alarms or create multiple false alarms that would render the equipment unreliable, according to two researchers.
Logan Lamb, a security researcher at the Oak Ridge National Lab, and Silvio Cesare of Qualys, a provider of cloud security, compliance and related services, each conducted independent reviews of home security systems.
In his research, Lamb looked at home alarm systems made by ADT, Vivint, and a third unidentified company. He found that false alarms could be set off from up to 250 yards away using a USRP N210, a software-defined radio. Disabling an alarm would require closer proximity of about 10 feet from the home.
Meanwhile, Cesare examined popular systems used in Australia, including ones developed by Swann Security, an Australian firm that also sells its systems in the United States.
Both researchers uncovered identical problems with the wireless alarms they examined, regardless of brand.
Each alarm examined relies on radio frequency signals transmitted from door and window sensors to a control panel, which triggers an alarm when any entryway is breached. However, the researchers found that the systems fail to encrypt or authenticate the signals being sent from sensors to control panels. This can make it easy for hackers to intercept the data, decipher the commands and play them back to control panels at will, Wired.com reports.
“All the systems use different hardware but they are effectively the same,” Lamb told Wired.com. “[They’re] still using these wireless communications from the mid-90s for the actual security.”
Additionally, the research revealed that signals can be jammed: sending radio noise prevents a signal from getting through from the sensors to the control panel, so the alarm is never tripped.
Lamb says that jamming the intra-home communications suppresses alarms to both the occupants and the monitoring company.
When Cesare examined the systems, he discovered the stored password on devices a homeowner would use to arm and disarm the alarm. In particular, Cesare was able to physically capture stored passwords from a system developed by Swann Security by attaching a microcontroller programmer to read data off the EEPROM.
He also found that some systems utilize a remote to allow homeowners to arm and disarm their alarms without entering a password on a control panel. Because the data is transmitted in the clear and via radio frequency, it can be monitored.
Furthermore, most systems Cesare examined used only a single code. He says that systems could be made more secure by using rolling codes that change, but manufacturers have selected the easier method to implement with their hardware.
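The rolling-code idea Cesare describes, sketched as an added example (not from the article, the researchers or any vendor): a panel that accepts a frame only when an HMAC tag verifies and a counter has advanced, next to a fixed-code check. The key, frame layout, window size and command value are constructed assumptions; this is a generic counter-plus-MAC scheme, not a specific product's protocol.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed secret, assumed shared at pairing
WINDOW = 16                    # assumed: how far ahead of the last counter is accepted

def make_frame(key, counter, command):
    """Sender side: 4-byte counter + 1-byte command + 8-byte truncated HMAC tag."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

def fixed_code_accepts(stored, frame):
    """The single-code design: a recorded frame stays valid forever."""
    return stored == frame

class RollingCodePanel:
    """Accepts a frame only if the tag verifies and the counter moved forward."""
    def __init__(self, key):
        self.key, self.last = key, 0
    def receive(self, frame):
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, good):
            return False                      # forged or corrupted frame
        counter, _command = struct.unpack(">IB", body)
        if not self.last < counter <= self.last + WINDOW:
            return False                      # replayed (stale) or too far ahead
        self.last = counter
        return True

def demo():
    code = b"\xa5\x5a\x02"                    # constructed static code
    panel = RollingCodePanel(KEY)
    f1 = make_frame(KEY, 1, 0x02)             # 0x02: constructed "disarm" command
    tampered = f1[:4] + b"\x01" + f1[5:]      # command byte changed, tag unchanged
    return {
        "fixed_replay": fixed_code_accepts(code, code),   # recorded copy, sent again
        "rolling_first": panel.receive(f1),
        "rolling_replay": panel.receive(f1),
        "rolling_tampered": panel.receive(tampered),
        "rolling_skipped_presses": panel.receive(make_frame(KEY, 5, 0x02)),
        "rolling_beyond_window": panel.receive(make_frame(KEY, 5 + WINDOW + 1, 0x02)),
    }

if __name__ == "__main__":
    print(demo())
```

Authentication and a moving counter stop a recorded frame from being accepted twice; they do not address the jamming described above.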
Cesare notes that out of all the alarm systems examined, commercial-grade systems are likely more secure than home security solutions.
Lamb and Cesare will reveal more of their findings during the Black Hat security conference in Las Vegas in August.