Wireless burglar alarms have vulnerabilities that allow intruders to access the system.
Security systems used by more than 0.2 million of households have an irreparable vulnerability, which allows tech-savvy thieves to release alerts hundreds of feet away.
The wireless home security system sold by SimpliSafe is cost-effective and easy to install because it does not require installation of cables to connect components. However, according to Andrew Zoneberg, a researcher at IOActive, a security company, the keys in the system use the same personal ID number and are not encrypted every time information is sent to the base station. This allows the system to be exposed to a so-called replay attack. Attackers can record the authentication code sent by a valid keyboard, this verification code will be used when a force command is sent through the same radio frequency.
"Unfortunately, because all the buttons sent by the system are unencrypted PIN, as long as you want to know, anyone is at your fingertips, there is no simple solution to this problem ." Zoneberg wrote in his blog published on Wednesday. In general, the vendor will fix this vulnerability by adding a password to the Protocol in a new firmware version. However, this approach is not feasible for affected SimpliSafe products because currently running hardware microcontroller is a one-time programmable program. This means that it is impossible to simply upgrade the existing system; all existing buttons and base stations need to be replaced.
To connect a hacker to the SimpliSafe base station, he only needs a hardware worth about $250 (£ 175) to build a microcontroller, and then calls hundreds of lines of code. After these one-time investments, intruders will hide hundreds of feet away from the base station, waiting for the user to activate or turn off the alarm. After that, attackers will use the captured PIN to send commands to close the alarm, so that they can quietly intrude into the victim's home system.
A spokesman for SimpliSafe did not immediately respond to comments related to this article. Zoneberg said he tried to contact the SimpliSafe official team through multiple channels, but he did not receive any response. According to the company's wide ln webpage, we can see that the home security system has more than 0.2 million users.
SimpliSafe is not the only anti-theft alarm system with defects found recently. Last month, researchers from the security company Rapid7 reported that the system could be damaged as long as intruders use radio interference devices to interfere with the internal communication of the Comcast home security system.