Scandal of the Not So Smart Alarms

cyber criminal

They have been sold as a state-of-the-art alternative to metal locking systems and bog-standard burglar alarms. Thanks to the internet and global packet radio systems, a digitally controlled security system is affordable for households and businesses. They can complement ‘traditional’ Yale locks and mortice locks and take the place of traditional burglar alarms. Households can switch the burglar alarm on and off with a mobile device.

Though smart alarms and similar devices offer unrivalled convenience, they are not without their foibles. Recent studies have found how smart alarms can be:

  • Jammed without warning households;
  • Hacked with £35 worth of software and hardware;
  • Breached over 5,000 miles away a given location.

In Forbes magazine, investigative journalist and privacy expert, Thomas Fox-Brewster, noticed a number of glaring security holes. After taking a Transatlantic flight to London, he was surprised to find how easy it was to breach a security system 5,000 miles away. Logging into the smart alarm system of East Oakland Youth Development Center, he was able to gain access to CCTV cameras, doors and alarm systems.He did this by entering ‘admin’ into the Username and Password input boxes.

It was later acknowledged that the EOYDC’s alarm system’s password was set to the factory default settings (which was ‘admin’ for both the Username and the Password). Bay Alarm, who manufactured the youth facility’s alarm system, had admitted the security flaw which potentially affects millions of businesses and households. On a later attempt, the youth group’s login details were changed.

The Internet of Thieves?

Bay Alarm weren’t the only company to have issues with smart alarms. Motorola’s CCTV devices have reported problems regarding security weaknesses (a patch has been issued).

Another source, IOActive Labs Research, reported on the security holes with SimpliSafe’s wireless intruder alarms. For up to £175, you can jam the state-of-the-art alarm system with a commodity microcontroller board, a SimpliSafe keypad, and a SimpliSafe base station. Any SimpliSafe system can be ‘listened in’ from up to 100 feet away. This video clip below proves how the SimpliSafe system can be breached.

Another system, the Comcast XFINITY home security system, has also been fraught with vulnerabilities. Following an investigation by Rapid7 researcher, Phil Bosco, the ZigBee wireless protocol signals (at 2.4 GHz) can be jammed. An homebrew jamming device (with components from Maplin and a cigarette packet) can create a ‘failure condition’ within its operating frequency.

What is of most concern is how hackable ‘smart alarms’ are in reality. If you are mad keen on considering a system, we at CPPM suggest saving your pennies for the time being. We mean it, given as relying on these systems alone could make your house less secure. There is no substitute for watertight mechanical Yale and mortice locks and toughened UPVC doors.

CPPM, 16 March 2016.