Menu
Popular home security system SimpliSafe can be easily disabled by burglars

Popular home security system SimpliSafe can be easily disabled by burglars

There's no easy fix and systems need to be replaced, security researchers said

It's not unusual to hear of vulnerabilities in smart-home security systems these days, as security researchers turn their attention to the Internet of Things. It's worrying, though, when a modern security system turns out to be vulnerable to a so-called replay attack, the kind of thing that worked against garage door openers back in the 1990s.

The latest example is SimpliSafe, a wireless alarm system that's marketed as cheaper and easier to install than traditional wired home security systems. Its manufacturer claims that the system is used in over 200,000 homes in the U.S.

According to Andrew Zonenberg, a researcher with security consultancy firm IOActive, attackers can easily disable SimpliSafe alarms from up to 30 meters away, using a device that costs around $250 to create a replay attack.

SimpliSafe has two main components, a keypad and a base station, that communicate with each using radio signals. The base station also listens for incoming signals from a variety of sensors.

Zonenberg found that the confirmation signal sent by the keypad to the base station when the correct PIN is entered can be sniffed and then later played back to disarm the system. Recovering the actual PIN is not necessary, since the "PIN entered" packet can be replayed as a whole.

This is possible because there is no cryptographic authentication between the keypad and the base station.

To pull off the attack, Zonenberg bought a SimpliSafe key pad and base station and then soldered a generic microcontroller board to them. With a few hundred lines of C code the gadget can listen for incoming 433 MHz radio traffic and capture "PIN entered" packets from other SimpliSafe key pads located within 100 feet.

When the owner of a real SimpliSafe system enters the correct PIN, a device like Zonenberg's that's hidden in its vicinity will capture the confirmation packet and will store it in memory. The attacker can use the device to resend the packet to the base station at a later time, for example when the home owner is away. This will disarm the alarm.

Fixing the problem would require SimpliSafe to add authentication and encryption to the system's communications protocol, so that base stations will only accept signals from authorized key pads.

Unfortunately such changes can't be made to existing SimpliSafe systems, because the microcontrollers they use cannot be reprogrammed, Zonenberg said in a blog post Wednesday. "This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."

According to Zonenberg, the attack is inexpensive and can be implemented even by low-level attackers, especially if they pay someone else to build the sniffing device for them. To make matters worse, the manufacturer provides "Protected by SimpliSafe" warning signs that users can display on their windows or in their yards, inadvertently marking their homes as potential targets.

SimpliSafe did not immediately respond to a request for comment.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments