Security researchers in different parts of the world come to the same conclusion

Jul 24, 2014 22:07 GMT

Two security researchers from different parts of the world experimented with wireless home alarm systems and discovered that the systems can be manipulated remotely, allowing someone to enter the protected environment without tripping them.

Logan Lamb, security researcher at Oak Ridge National Lab, conducted his work separately from the government and found top-selling alarm system brands to be vulnerable to remote hijacking of the signal that triggers the alert.

Testing more than a dozen similar devices in Australia, Silvio Cesare found that they were plagued by the same flaw.

Both researchers talked to Wired and said that the wireless alarm systems use radio frequency signals for door and window sensors. When the system is armed and a breach is detected, the signals are sent to a control system that starts the alarm.

However, it appears that the signals are not encrypted or authenticated in any way, so an attacker can intercept and decode the commands and then send them to the control panel at will.
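To show what "not authenticated" means at the receiver, the following added example (not code from the researchers or from any alarm vendor) compares a control panel that accepts any well-formed frame with one that checks a keyed MAC and a strictly increasing counter, which is one standard way to reject replayed or altered frames. The frame layouts, key, sensor ID and class names are constructed assumptions.

```python
import hashlib, hmac, struct

# Constructed frame layouts (assumptions, not any vendor's format):
#   legacy: sensor_id(2) | event(1)
#   authed: sensor_id(2) | event(1) | counter(4) | tag(8, truncated HMAC-SHA256)
EVENT_OPEN, EVENT_DISARM = 0x01, 0x02
BODY = struct.Struct(">HBI")  # 7 bytes, big-endian, no padding
TAG_LEN = 8

class LegacyPanel:
    """Accepts any well-formed frame: no origin or freshness check."""
    def receive(self, frame: bytes) -> bool:
        return len(frame) == 3

def auth_frame(key: bytes, sensor_id: int, event: int, counter: int) -> bytes:
    body = BODY.pack(sensor_id, event, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class AuthPanel:
    """Checks a per-sensor MAC, then requires a strictly increasing counter."""
    def __init__(self, keys: dict):
        self.keys = keys   # sensor_id -> shared key
        self.last = {}     # sensor_id -> highest counter accepted so far
    def receive(self, frame: bytes) -> bool:
        if len(frame) != BODY.size + TAG_LEN:
            return False
        body, tag = frame[:BODY.size], frame[BODY.size:]
        sensor_id, _event, counter = BODY.unpack(body)
        key = self.keys.get(sensor_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False   # forged or altered frame
        if counter <= self.last.get(sensor_id, -1):
            return False   # replay of a frame already seen
        self.last[sensor_id] = counter
        return True

def demo() -> dict:
    key, sid = bytes(range(16)), 0x1234   # constructed key and sensor id
    legacy, panel = LegacyPanel(), AuthPanel({sid: key})
    old = struct.pack(">HB", sid, EVENT_DISARM)
    new = auth_frame(key, sid, EVENT_DISARM, 1)
    tampered = new[:2] + bytes([EVENT_OPEN]) + new[3:]
    return {"legacy_first": legacy.receive(old), "legacy_replay": legacy.receive(old),
            "auth_first": panel.receive(new), "auth_replay": panel.receive(new),
            "auth_tampered": panel.receive(tampered),
            "auth_next": panel.receive(auth_frame(key, sid, EVENT_OPEN, 2))}
```

The legacy panel accepts the same frame twice, while the authenticating panel rejects both the repeated frame and the one whose event byte was changed after the tag was computed.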

Wired has learned that with a simple tool, an intruder can set false alarms from about 250 yards / 229 meters away. From a smaller distance (10 feet / 3 meters), the alarm can be completely disabled.

Apparently, the flaw lies in the fact that these home alarms rely on old standards (from the mid-'90s) for the wireless communication.

In one case, Cesare discovered another glitch, which allowed him access to the password that enabled and disabled the alarm.

He also found that some systems had a remote control that could be used to turn them on or off without entering the password. The commands were sent with no encryption applied and could be monitored from a distance.

Because the radio signals for the doors and windows are transmitted at all times, even when the alarm is disabled, an attacker could use a cheap tool to monitor them and establish patterns of the homeowners' activity in the house.

The tools to achieve all this are available to the public, and although a device for replaying the communication to the control panel is quite expensive, reaching about $1,700 / €1,263, burglars may see it as a great investment into their business.

It is worth noting that the two researchers conducted their experiments on home alarm systems, which do not offer security as strong as that of the commercial-grade ones used for protecting businesses.

Lamb and Cesare will present their findings at the Black Hat USA security conference in Las Vegas next week. The former is also set to show his research at the Defcon conference for hackers.