back to article SimpliSafe home alarms transmit PIN unlock codes in the clear – ideal for lurking burglars

If you've got a SimpliSafe wireless home alarm system, as hundreds of thousands of homes in the US apparently do, then it's time to buy a new alarm system because yours is screwed. SimpliSafe markets itself as a wireless home alarm system that eliminates all those fiddly wires from sensors. Sadly, the engineers behind the …

  1. disgruntled yank Silver badge

    problem

    All the home security signs that I see name the local company that installs and monitors the alarms, not the vendors that make the equipment. Perhaps a bit of research on the alarm company sites would tell prospective burglars where to look.

  2. Anonymous Coward
    Anonymous Coward

    They deserve GUNishment!

    Yeah but, all properties in America still have locks and bolts on their doors and windows don't they?...not to mention battlefield assault rifles and 9millies...so its still going to be a bit dicky for any burglar to break in irregardless of the bobbins alarm system.....wait a minute what if the FBI had a word in the ear of SimpiSafe?...could've asked them to put a 'backdoor' in the backdoor!...and the front door and the lavvie window and the cat flap....

    1. a_yank_lurker Silver badge

      Re: They deserve GUNishment!

      If no one is home, the preferred time to strike, there is problem of the alarm system. But if it can be turned off before breaking in no one knows what has happened for possibly hours or even days later.

      1. John Tserkezis

        Re: They deserve GUNishment!

        "for possibly hours or even days later."

        Or until you realise your TV is missing?

  3. Anonymous Coward
    Anonymous Coward

    "[...] radio-based system cost about $250 [...]"

    433mhz transmitter/receiver modules for this sort of common radio signalling are only one or two pounds/dollars. Combine them with an Arduino UNO or NANO and you are away. Under $20 I would think.

    I have that combination spoofing my Byron door bells and PIR detectors. It rings the door bells dotted round the house with one chime if someone approaches the house. It uses a different chime if they press the door bell.

  4. Anonymous Coward
    Anonymous Coward

    Not enough nonces?

    When has that ever been a good thing?

  5. Trigonoceps occipitalis

    At Times

    I despair of my fellow humans. Very much Homo Non-sapiens.

  6. John Smith 19 Gold badge
    Unhappy

    Who doubts this has not *already* been done in the wild?

    IE by burglars out burglaring.

    Always been sus about wireless burglar alarms.

    figured the "I'm still here" beacon signals the sensors would have to send to the main unit would eat batteries.

    Never considered the security would be so s**t as well

    1. DougS Silver badge

      Re: Who doubts this has not *already* been done in the wild?

      These are low end systems that would be installed in houses burgled by low end burglars. I doubt the guys robbing houses with these alarms are anywhere near smart enough to do this analysis. If they were, they'd do a similar analysis against higher end systems, and no doubt find weaknesses in them (though hopefully not this bad) and be able to rob a home owned by "lifestyles of the rich and famous" instead of that garish McMansion down the block.

      1. Ken Hagan Gold badge

        Re: Who doubts this has not *already* been done in the wild?

        The guys robbing these houses buy the kit off someone who is smart enough to build it and also smart enough not to be the guy taking the risk of using it.

  7. frank ly Silver badge

    "... said he contacted the biz repeatedly ..."

    He was far too kind to them.

  8. Anonymous Coward
    Anonymous Coward

    1900 feet?

    I have one of these shitty things. The keypad and base unit are less than 7 feet apart and can't hold sync. 1900 feet is...optimistic?

    1. Hans 1 Silver badge

      Re: 1900 feet?

      Get a few raspberry pi's/arduino's and build a system yourself.

      1. Paul Hayes 1

        Re: 1900 feet?

        +1

        but the stupid thing is, if you do that you are more than likely invalidating your house insurance. Whereas these hopelessly insecure systems will be on approved lists I bet.

  9. Andy A

    By the wonders of the scripts which attempt to show us "relevant" ads, at the top of this comments page I see a huge banner ad for

    *SIMPLISAFE*.

  10. Anonymous Coward
    Anonymous Coward

    Who not jam the lot?

    These things auto-configure insofar that adding a sensor only involves setting a send ID or channel - there is usually no attempt to verify a sensor is still active and connected.

    All you need to do is enable a jammer near the alarm box and it won't be able to pick up a sensor signal, staying nice and quiet while you empty the place. You could even go for really pissing off the owner by taking away the sensors too.

    Alarms (and cameras) and wireless? Just say no.

    1. Calleb III

      Re: Who not jam the lot?

      Not sure how the wireless ones work but i'm fairly sure the wired operate a kind of hearth beat, meaning that when you cut the cord it's equal to triggering the sensor. The jammers are used to block the outgoing call to the security company.

      1. Anonymous Coward
        Anonymous Coward

        Re: Who not jam the lot?

        That's my point, a wired system tends to have wire break detection by default, even the cheap ones are typically set up to break on alarm - still easy to rig if the installer hasn't been creative with multi-wire cable, but that requires physical access first.

        The wireless variety is typically set up to work on batteries, and heartbeats don't exactly help there, also because you also get an alarm when a battery fails, and that tires quickly if you have a bunch of them doing this at different times.

    2. Anonymous Coward
      Anonymous Coward

      Re: Who not jam the lot?

      Most "proper" CCTV wireless systems use 5.8xxxGhz.

      There are no (readily available) jammers capable of jamming that frequency.

      2.4Ghz on the other hand, well, that's a piece 'o piss to jam....

      But I agree, wireless alarms are a no-no.

  11. Anonymous Coward
    Anonymous Coward

    *yawn*

    *mumbles something about vulnerabilities from the 1990's*....

  12. 2StrokeRider

    Well...caveat emptor. Warnings about simplisafe proprietary systems have been on the Interwebs for quite a while. I'm sure other systems have issues as well, but they have a reputation for a huge advert budget and old tech systems that can't be taken to another monitoring company if you decide to change.

    I did a bit of research before getting my system and bought mine outright. Made sure sensors were unique key and only could be added/removed in program mode. Disabled remote arm/disarm. Changed all levels of PINs. Hired a monitoring firm and bought their cell network card for my system from them.

    Can it be bypassed? Sure. Time+knowledge will allow entry into most any system.

  13. unredeemed

    Simplisafe as a business has a fault. They are only a smidgen of a step above a traditional alarm company, but still act like a legacy alarm company.

    Their customer communication SUCKS.

    Add to that, they refuse to acknowledge the "Cloud." Things like IFTTT, integration into other devices like NEST, ECHO, etc...

    Ask them about it, and a single person who is responsible for marketing and communication will reply with a canned response a hundred times over with the same BS corporate line. Proof is in their user forums about that...

    I've been meaning to email their head developer and CEO via linkedin, but have yet to figure out their email aliases... So I haven't been putting much thought into it.

    It's the alarm I wanted due to it's sensor options. But hate their lack of internet integration (without a subscription)

  14. Anonymous Coward
    Anonymous Coward

    There is a well known brand, sold by a number of DIY chains, that has a similar issue. They use off the shelf chips with a finite number of codes and have no jamming or brute force detection at all. Wall down most streets and look for the bright yellow solar powered box.

    Wired systems have come a long way. Even basic systems now use either digital monitoring of sensors or a wiring scheme called eol that has two or more resistors. Open circuit the wire, thats a tamper. Short it, that's a tamper too. You need to know the exact two resistors and what contacts they are sat on and even a few mS anomaly on the wiring will wake more sophisticated systems and start all sorts of monitoring.

    AFAIK wireless is only considered secure for insurance with encryption on all end points and anti jamming.

    Basic code hopping would defeat this issue as the co shouldnt speak to any device it has no knowledge of. OK not perfect but better than nothing at all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019