Suit Alleges ADT’s Wireless Systems Are ‘Easily Hacked’
The suit points to an article in Forbes magazine that a simple software-defined radio (SDR) allows hackers to detect when doors are opened and closed.
CHICAGO – A $10 radio allows hackers to infiltrate ADT security systems, compromising the so-called “peace of mind” the service offers, a federal class action alleges.
The complaint by Illinois resident Dale Baker says that the residential and small-business customers of ADT Security Services “are far less safe than ADT leads them to believe.”
Customers sign a three-year agreement when they purchase equipment that relies on “unencrypted and unauthenticated” wireless signals, according to the complaint. Baker says hackers can exploit these flaws to disable the system, cause false alarms to go off and even use the system’s own cameras to spy on people.
The suit, filed Nov. 9 in the Federal District Court in the Northern District of Illinois, makes no claim of specific damages or loss due to the exploit. The lawsuit points to an article in Forbes magazine that a simple software-defined radio (SDR) allows hackers to detect when doors are opened and closed. With a more complicated SDR they can manipulate the system, according to the complaint. This leaves consumers “insufficiently protected from intrusion and interference by unauthorized third parties,” Baker says.
Baker’s home security system was allegedly hacked twice, both times triggering an alarm that led to the police being called.
ADT advertises “peace of mind” for its customers, offering systems that use advanced technology and are “safe and reliable,” according to the complaint. But Baker says ADT “knows that its systems are vulnerable to intrusion.” Despite admitting that it uses professional hackers to test ADT systems, the company does not alert customers to any issues, according to the complaint.
The class seeks an injunction requiring ADT to change its marketing materials and use encrypted signals in its security systems.
“Actually I am surprised that the lawsuit limits itself to the unencrypted or insufficiently secure wireless equipment,” legal expert Ken Kirschenbaum of Kirschenbaum & Kirschenbaum wrote in his (Nov. 24) security industry newsletter.
Kirschenbaum, who pens SSI‘s “Legal Briefing” column, wrote in his newsletter, “How about a false sense of security? Surely ADT does not offer ‘prevention’ and throwing around the word ‘protection’ starts to sound an awful lot like ‘prevention,’ especially in the context of the advertisements and promotions.”
“Of course all of this is negated by ADT’s contract,” Kirschenbaum continued. Although smaller security companies are less likely to be the target of a class action unless brought by a governmental agency, there are precautionary measures companies can take to protect themselves. Kirschenbaum suggests:
â€¢ Web sites and advertisements should not cross the line from puffery to false expectations
â€¢ Ensure subscriber contract forms are lawful and properly executed
â€¢ Ensure subscriber contracts are properly worded
â€¢ Ensure your contract contains a class action waiver that should get you out of the class action
â€¢ Use a disclaimer notice
To view the complete class action document, click here.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!