What if Their Alarm Signals Never Reach the Central Station?
Learn how to thwart hackers from halting alarm communications.
A burglar’s “tool kit” now includes electronics to hack and jam alarm systems, and dealers need to address this threat to their customers’ safety to ensure that the central station receives signals from wireless systems.
As Good Morning America (GMA), Forbes, Wired and other media outlets have reported, many installed wireless alarm systems are susceptible to hacking and jamming, which allow a burglar to monitor the activities of the homeowners and control the system. That means your customers could have a perfectly operating alarm system but the central station will not be alerted of emergencies because of intentional outside interference.
Hacking/Jamming Issue Won’t Go Away
Do a Google search and you’ll see that software defined radios (SDRs) that connect to a laptop computer can be purchased for about $20. Most of the sites selling these devices also provide alarm-hacking instructions to mimic the tricks GMA exposed to a national audience.
Because of this new threat, wireless-alarm hacking was featured at the 2014 Black Hat Briefings, an information-security conference. There, Logan Lamb, as he did on GMA, demonstrated how to exploit two weaknesses in a typical wireless system – unencrypted messages and single-frequency transmission – using an SDR.
After identifying the radio frequency of alarm-system signal transmissions and recording the unencrypted message from de-vices to the control panel, Lamb was able to track the movement of the family inside the home.
Lamb also used the SDR antenna to send a powerful radio signal on the same frequency to “jam” a door sensor. Because Lamb’s pirated signal was stronger than that of the system device, he was able to tell the control panel that the door was closed even when it was open. The same technique allowed Lamb to disarm the system without detection or leaving a trace.
There Are Solutions to Thwart Threats
Jamming can be overcome by installing devices that use spread-spectrum technology (S-ST) whereby signal transmissions hop between many different frequencies to dodge interference. For example, imagine driving down a one-lane tunnel and a truck stops in front of you. Your progress is halted and you have no alternative route. In contrast, S-ST is like a 25-lane highway; if something impedes your path, you simply change lanes.
The way encryption works to prevent hacking of an alarm system is that each sensor is programmed with a mathematical equation and a hidden numerical key that is never sent across the network, thus it cannot be intercepted.
The sensor sends a scrambled message to the control panel, which reverses the complex equation to verify the identity of the sensor/sender. Each sensor also has a calculator that generates a one-time scrambled message for each radio transmission to the panel to further complicate things for hackers.
Suppose a hacker uses an SDR to eavesdrop on encrypted wireless communications and records a disarm message from the keypad to the panel. When the hacker attempts to rebroadcast the recorded message, the panel knows to ignore the message because the one-time scrambled message has been used already and the timestamp is invalid.
This is the same technology used to secure the data and the networks of the world’s IP infrastructure.
What Steps Should Security Installers Take?
Develop a strategy to replace your customers’ vulnerable equipment with hardware that uses S-ST and encrypts signal transmissions. When you rectify the situation, make sure you get another contract signed. This helps ensure you are able to recoup the costs of replacing the hardware. Additionally, it’s always beneficial to have recently signed agreements, which locks in that customer further into the future.
Ignoring the situation and doing nothing could equal losing the customer and the value of the contract, because news of this threat is now in the mainstream media. In fact, a recently filed class-action lawsuit accuses ADT of “business acts and practices in connection with the sale of wireless home security equipment and monitoring services.”
The potential impact of the suit is rippling through the industry. As a result, subscriber contracts for systems with vulnerable hardware are worth much less than before, as any buyer would need to install new hardware or be legally liable for their decision not to do so.
As you can imagine, it is much better to be proactive and take the necessary steps to protect your customers. And this, in turn, protects the value of your company.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!