Popular home security system SimpliSafe can be easily disabled by burglars

There's no easy fix and systems need to be replaced, security researchers said

It's not unusual to hear of vulnerabilities in smart-home security systems these days, as security researchers turn their attention to the Internet of Things. It's worrying, though, when a modern security system turns out to be vulnerable to a so-called replay attack, the kind of thing that worked against garage door openers back in the 1990s.

The latest example is SimpliSafe, a wireless alarm system that's marketed as cheaper and easier to install than traditional wired home security systems. Its manufacturer claims that the system is used in over 200,000 homes in the U.S.

According to Andrew Zonenberg, a researcher with security consultancy firm IOActive, attackers can easily disable SimpliSafe alarms from up to 30 meters away by carrying out a replay attack with a device that costs around $250.

SimpliSafe has two main components, a keypad and a base station, that communicate with each other using radio signals. The base station also listens for incoming signals from a variety of sensors.

Zonenberg found that the confirmation signal sent by the keypad to the base station when the correct PIN is entered can be sniffed and then later played back to disarm the system. Recovering the actual PIN is not necessary, since the "PIN entered" packet can be replayed as a whole.

This is possible because there is no cryptographic authentication between the keypad and the base station.

To pull off the attack, Zonenberg bought a SimpliSafe keypad and base station and then soldered a generic microcontroller board to them. With a few hundred lines of C code, the gadget can listen for incoming 433 MHz radio traffic and capture "PIN entered" packets from other SimpliSafe keypads located within 100 feet.

When the owner of a real SimpliSafe system enters the correct PIN, a device like Zonenberg's that's hidden in its vicinity will capture the confirmation packet and store it in memory. The attacker can use the device to resend the packet to the base station at a later time, for example when the homeowner is away. This will disarm the alarm.

Fixing the problem would require SimpliSafe to add authentication and encryption to the system's communications protocol, so that base stations will only accept signals from authorized keypads.
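The difference between the two designs can be shown in a short simulation. This is an added example, not SimpliSafe's protocol or IOActive's code: the packet layout, the `DISARM` message, the shared key and all class names are assumptions, and it covers only authentication and replay protection, not encryption.

```python
import hashlib
import hmac
import struct

DISARM = b"PIN_OK"  # constructed stand-in for the "PIN entered" message
TAG_LEN = 32        # HMAC-SHA256 output size

class LegacyBase:
    """No authentication or freshness check: any recorded copy is accepted."""
    def __init__(self):
        self.armed = True

    def receive(self, packet: bytes) -> bool:
        if packet != DISARM:
            return False
        self.armed = False
        return True

class Keypad:
    """Sends counter || message || HMAC(key, counter || message)."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def disarm_packet(self) -> bytes:
        self.counter += 1  # never reused, so every packet is unique
        body = struct.pack(">Q", self.counter) + DISARM
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

class AuthBase:
    """Rejects packets with a bad tag or a counter it has already seen."""
    def __init__(self, key: bytes):
        self.key, self.last_counter, self.armed = key, 0, True

    def receive(self, packet: bytes) -> bool:
        if len(packet) != 8 + len(DISARM) + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter or body[8:] != DISARM:
            return False  # replayed (stale counter) or unknown message
        self.last_counter, self.armed = counter, False
        return True

def replay_accepted(base, packet: bytes) -> bool:  # deliver, re-arm, resend
    base.receive(packet)
    base.armed = True
    return base.receive(packet)
```

`replay_accepted(LegacyBase(), DISARM)` returns `True`, while the same call against an `AuthBase` with a packet from a paired `Keypad` returns `False`. A real device would also need per-device keys and a counter that survives power loss.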

Unfortunately such changes can't be made to existing SimpliSafe systems, because the microcontrollers they use cannot be reprogrammed, Zonenberg said in a blog post Wednesday. "This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."

According to Zonenberg, the attack is inexpensive and can be implemented even by low-level attackers, especially if they pay someone else to build the sniffing device for them. To make matters worse, the manufacturer provides "Protected by SimpliSafe" warning signs that users can display on their windows or in their yards, inadvertently marking their homes as potential targets.

SimpliSafe did not immediately respond to a request for comment.
