Wired’s Kim Zetter reports on (independent) reports by two researchers that show how home alarm setups can be hacked remotely, from as far away as 250 yards.
The vulnerabilities could allow a malicious actor to suppress alarms or create multiple, false alarms that would render the system unreliable (and really annoying).
Zetter profiles the work of Logan Lamb, a security researcher at Oak
Hill Ridge National Lab who conducted independent research on three top brands of home alarm systems made by ADT, Vivint and a third company that asked to remain anonymous.
She also cites work by Silvio Cesare, who works for Qualys who studied common home alarm systems sold in Australia, including devices manufactured by Swann, an Australian firm that also sells its systems in the U.S.
Both discovered a litany of similar problems, Zetter reports:
The systems use radio signals to report when monitored doors and windows are opened, but fail to encrypt or authenticate the signals being sent from sensors on the doors and windows to control panels. That would allow an attacker to intercept the data, decipher the commands, and manipulate them via a “replay” attack on the control panels.
Signals can also be jammed, preventing them from reaching the control box, Zetter reports.
Read more over at Wired.com: How Thieves Can Hack and Disable Your Home Alarm System | Threat Level | WIRED.
[An earlier version of this story incorrectly identified Mr. Lamb’s employer, Oak Ridge National Laboratory. The story has been corrected. – PFR 7/23/2014]