How-To Info On Hacking Wireless Alarm Systems Readily Available Online

A local television news team in Indianapolis reported on how easy it is to obtain information and equipment to hack wireless home alarm systems.

INDIANAPOLIS—Wireless alarm systems are rife with vulnerabilities that could allow an intruder to gain entrance to a residence unnoticed, according to tech experts. That’s not new news but the specter of such a scenario continues to gain mainstream awareness.

A news team from an ABC television affiliate here began looking into alarm systems after tech security company IO Active published its findings about weaknesses in the DIY security system by SimpliSafe.

“Consumers of this product need to know the product is inherently insecure and vulnerable to even a low-level attacker,” the IO Active security advisory states.

Many unsuspecting consumers prominently display window and yard signs promoting their use of the system and could essentially be identifying their home as a target for a hack known as a replay attack, according to advisory.

Rook Security, a managed security services provider (MSSP) based here, told WRTV that information about how to hack into the SimpliSafe system is readily available on Internet, and the parts needed to pull it off are easily available online as well.

“It’s very simple, you can purchase a device for about $20. A little bit of technical know-how and knowing how to translate that to some code so you can repeat it,” Tom Gorup, security operations lead at Rook Security, told WRTV’s Call 6 Investigates team.

The news team said it reached out to SimpliSafe but the company never answered its request for an interview. Instead they were directed to a statement online which reads, in part, “The hack described is sophisticated and highly unlikely.”

Call 6 Investigation found a much larger issue with wireless alarm systems, a hack known as “jamming.”

“Some of the older systems were based off the phone line when you had an external phone line coming into the house, that could actually be cut,” Daniel Ford, a forensic analyst with Rook Security, told WRTV. “This is the same kind of theory. Digitally cutting off the connection to the outside world.”

Jamming essentially floods the airwaves with virtual white noise, Ford described.
 
Rook Security demonstrated the hacking technique using a simple ham radio purchased on Amazon. The push to talk button was held down on the same frequency that the alarm system used to communicate with its sensors. As long as the button was pushed down, the sensors never sent an alarm to the base.

“Since I jammed it, no sensor relay is happening. So if I move in front of the motion sensor, it isn’t getting back to the device,” Ford said.

The frequencies that the sensors operate on are easy to find on the Internet, according to the news report. An alarm company sign in the front yard may even make it easier for crooks to identify what system a homeowner has installed.


READ NEXT: Serious Security Flaws Found in Samsung SmartThings Platform


“I could easily research what security system you own because a lot of people have those signs out front,” said Ford. “If I know what device you’re running and what frequency it is on, I can have an attack up in ten minutes.”

This hack doesn’t just affect mass marketed DIY systems. Experts have been able to jam signals in many of the more expensive, professional installed systems as well, including systems from ADT, Xfinity and Brighthouse.

Still, outfitting a residence with an alarm system is better than not having one, Indianapolis Metropolitan Police Department Officer Jim Gillespie told WRTV.

“Anything that a homeowner can install that can deter a theft is going to be better than not having anything at all,” he said.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Contact:

Although Bosch’s name is quite familiar to those in the security industry, his previous experience has been in daily newspaper journalism. Prior to joining SECURITY SALES & INTEGRATION in 2006, he spent 15 years with the Los Angeles Times, where he performed a wide assortment of editorial responsibilities, including feature and metro department assignments as well as content producing for latimes.com. Bosch is a graduate of California State University, Fresno with a degree in Mass Communication & Journalism. In 2007, he successfully completed the National Burglar and Fire Alarm Association’s National Training School coursework to become a Certified Level I Alarm Technician.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters