Why Wireless Is the Wild West of Security
Here is a look at the latest in standards and new products in wireless security technology.
IoT is to include 212 billion installed “things” globally by the end of 2020. Companies such as Atmel, Broadcom, Dell, Intel, Samsung and Wind River have formed the Open Interconnect Consortium (OIC) with the goal of defining a common communication framework based on industry standards. The OIC expects the first open source code to target specific requirements for smartphone and office solutions.
A good example of a new Z-Wave Plus application is the Leak Gopher Valve Controller from Leak Intelligence of Franklin, Tenn. Being able to tie into a Z-Wave network enables programming scenes that allow the Leak Gopher to turn water off when arming the security system and back on when disarming. Leak detection sensors and remote control via smartphone are popular options.
Hacking Threats Are Real
Wireless systems have always been an installation panacea. Installation costs have been dramatically reduced and the dream of the one-hour installation has come closer to reality. However, there is a dark and dangerous side emerging. After all, sending security control and reporting data over the open air makes that same data open and vulnerable to compromise (also see sidebar).
We have always heard of security measures for wireless security systems. One security measure, frequency hopping, is a popular basic modulation method used in spread-spectrum signal transmission. Having multiple signals used to communicate makes it difficult to listen in on one frequency. In some systems, complex algorithms are used to help decide which frequencies are selected for communication. Additionally, some systems can use this method to select the best frequency for radio frequency (RF) communications. Another wireless communications security method is the encryption of data sent over wireless systems.
Recently, the public confidence and foundation of the wireless security community was shaken by a few security hacking re-searchers, sometimes known in the trade as penetration testers. These major discoveries were not just revealed within the confines of the technical trade, but also in the public mainstream. Commentary could be found in recent articles in media venues such as Wired and Forbes, and National Public Radio. Because of this international public exposure the security community should be prepared to discuss these matters with all existing customers and sales prospects.
What is this big breach in wireless security? It was discovered by and disclosed to the world that some very popular and widely sold wireless security systems may not be as secure as one would expect. Using modern, and what some might even consider basic, hacking techniques and technology it was discovered that some major wireless home alarm systems are vulnerable to attack.
The featured researchers, Logan Lamb and Silvio Cesare, both have security research backgrounds. However, they conducted their particular wireless security system hacking research on personal time. Some of their research was brought to public attention when it was declared they would be making presentations at August’s Black Hat security conference in Las Vegas. Just prior to the conference, for undisclosed reasons Lamb pulled his session, “Home Insecurity: No Alarms, False Alarms, and SIGINT.” According to Black Hat officials, the cancellation of a session is rare.
“All of the systems use different hardware, but they are effectively the same,” Lamb says. “[They’re] still using these wireless communications from the mid-’90s for the actual security.” The researchers found that some of the wireless systems failed to encrypt and authenticate signals sent from the sensors to the control panel. In one of the products Cesare examined, unencrypted signals could reveal the stored system arm/disarm password. One of the hacking devices used is referred to as a software-defined radio and can be purchased on the Internet for around $10.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
About the Author
Bob Dolph, SSI Contributor
Bob is currently a Security Sales & Integration "Tech Talk" columnist and a contributing technical writer. Bob installed his first DIY home intercom system at the age of 13, and formally started his technology career as a Navy communication electronics technician during the Vietnam War. He then attended the Milwaukee School of Engineering and went on to complete a Security Management program at Milwaukee Area Technical College. Since 1976, Bob has served in a variety of technical, training and project management positions with organizations such ADT, Rollins, National Guardian, Lockheed Martin, American Alarm Supply, Sonitrol and Ingersoll Rand. Early in his career, Bob started and operated his own alarm dealership. He has also served as treasurer of the Wisconsin Burglar and Fire Alarm Association and on Security Industry Association (SIA) standards committees. Bob also provides media and training consulting to the security industry.
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
