Sign in / up

back to article Three home security systems found to be vulnerable – if hackers were hiding in bushes

Three home security systems were riddled with bugs, according to new research made public this week. Rapid7 found 10 vulnerabilities after putting Comcast XFINITY, ADT, and AT&T Digital Life systems through their paces. The issues range from a "fail open" condition on the external door and window sensors, to weak, pre-shared …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Mage Silver badge

    Security

    All "wireless" security sensors / cameras are pointless. Only use wired.

    Perimeter Access denial is better even than professional alarm gear.

    Home DIY "security" gear is mostly junk. Maybe suitable for watching calves in real time.

    I've been brought warehouse security recordings where the thieves were less pixels than a 1980s video game.

    "Can you enhance it?" says cop1

    "Who you would you like it to be?

    "Don't tempt us," says cop2

    "A disposable film camera tripped by the motion sensor would be better than this. Even HD Video would be useless for this amount of area"

    "So it's useless?" asks cop1

    "Yes. Better shutters would be more effective."

    11 0 Reply
  2. Steve Davies 3 Silver badge
    Mushroom

    Even El Trumpo is vunerable

    https://it.slashdot.org/story/17/05/18/0618248/any-half-decent-hacker-could-break-into-mar-a-lago

    Open wiFi networks, printers and other stuff.

    Don't the Secret Service check the place before he goes to play that round of golf every week?

    Just throw oll that crap out and dump it suitably crushed back to the companies that are flogging it.

    And make them pay to clean it up.

    4 1 Reply
  3. JaitcH
    FAIL

    Anything radio has vulnerabilities

    Some systems use cell radio for alarm links.

    They are easy to locate and even easier to jam. Hard to beat continuous transmission over wire.

    4 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Anything radio has vulnerabilities

      Because wires are so difficult to cut?

      2 3 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Anything radio has vulnerabilities

        "Because wires are so difficult to cut?"

        They bloody are given how far underground I put them in conduit, good luck even finding out where they are without some pretty specialist gear. Above ground you'll be needing a pretty large sledge hammer to get through the steel reinforced conc post.

        I'll probably notice all that.

        4 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Anything radio has vulnerabilities

          Sorry I was speaking about the portion of the world where XFINITY, ADT, and Digital Life operate. It's where 99.984% of the wires run to a junction box not unlike this one. Then again calling it a junction box is a bit of a stretch at times.

          2 0 Reply
          1. kain preacher
            Reply Icon

            Re: Anything radio has vulnerabilities

            That last picture is of lazy workman ship. They should of used a 5 line spliters instead two 3 spliters. Then there is no terminator cap. That spliter will be bad in a year and yes it should of been in a box.

            0 0 Reply
        2. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Anything radio has vulnerabilities

          @gerdesj .... sheesh .... move to a better neighborhood. My doors are unlocked most of the day even when I'm out. Often they are unlocked at night too.

          AC because ...... of the above and hence in this instance obscurity really is good for security

          0 0 Reply
          1. Anonymous Coward
            Reply Icon
            Anonymous Coward

            Re: Anything radio has vulnerabilities

            "sheesh .... move to a better neighborhood. My doors are unlocked most of the day even when I'm out. Often they are unlocked at night too."

            The perfect solution. Everyone should just move to a better neighbourhood. High crime in Hounslow? Move everyone from Hounslow to Twickenham. Problem solved.

            0 0 Reply
        3. kain preacher
          Reply Icon

          Re: Anything radio has vulnerabilities

          Phone lines are easy to locate on the side of the building.

          0 0 Reply
        4. DropBear
          Reply Icon

          Re: Anything radio has vulnerabilities

          "They bloody are given how far underground I put them in conduit, good luck even finding out where they are without some pretty specialist gear. "

          Good luck digging it all up to install that extra one you just realized you needed somewhere there wasn't one before...

          0 0 Reply
      2. Commswonk
        Reply Icon

        Re: Anything radio has vulnerabilities

        Because wires are so difficult to cut?

        Quite; but a properly designed security system can detect a cut wire and react accordingly. In some systems adding a wire connection in an attempt to conceal the attack can also be detected because it isn't just "a piece of wire" but a resistance of known value that sits in a bridge circuit where any imbalance can be detected immediately and again used to trigger the alarm.

        1 0 Reply
  4. druck Silver badge
    Holmes

    Don't leave the back door open

    Even if a wireless system could hacked, as long as it can remind you that you've left the back door unlocked, or an accessible window open, before you leave the house or go to bed, it is useful. Most burglars are opportunistic, they would rather find an unlocked door than to physically break in.

    So make sure you have good door and window locks and that something that ensures you are actually using them. Then supplement this measures to make opportunists try elsewhere instead, such as an obvious alarm box or well placed CCTV cameras, even fake ones can be effective.

    1 0 Reply
    1. a_yank_lurker
      Reply Icon

      Re: Don't leave the back door open

      @druck - There was a show over year a few years back were a couple of ex-cons should people how easy it is to break into one's house (with owner's permission). Most thieves are not going to target any house they believe has a security system. Also, it is not very likely they are going to carry the necessary gear to break in a typical person's home with them.

      A security company sign in your yard is very effective, thieves do not want to chance tripping it.

      3 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: Don't leave the back door open

        "Most thieves are not going to target any house they believe has a security system."

        Where I live a security system would be like painting "I have plenty worth stealing" on the front of the house.

        3 0 Reply
  5. hellwig

    Proximity

    Potential hackers would need to be physically close to their target to attempt to abuse any of these vulnerabilities, according to Rapid7. Remote hacks over the internet would not be possible but with proximity all manner of mischief is possible.

    Yes, because there's nothing Russian script kiddies like more than disabling a person's door alarms from thousands of miles away.

    I can't possibly conceive of why someone would want to be right next to the house containing the security alarm system they're hacking. No reason at all.

    5 0 Reply
    1. Arachnoid
      Reply Icon

      Re: Proximity

      Fly-by Drones with wifi,the potential thief has no need to expose himself to get close access

      0 0 Reply
  6. John Smith 19 Gold badge
    Unhappy

    Wireless is one of those ideas that sounds good but is rubbish.

    Pros

    Saves running 4 core alarm cable.

    Cons

    One security hole for every device.

    Typically eats batteries

    Another IoT PoS.

    A wireless system that was not just an expensive waste of money would need to use passive sensors that don't need battery replacement and a company that accepted it needed to issue updates as loopholes got found, which looks to be regular thing.

    0 0 Reply
    1. Baldrickk
      Reply Icon

      Re: Wireless is one of those ideas that sounds good but is rubbish.

      Wireless infrared sensors will typically use a single D-Cell battery and last over a year (guidance to replace once a year)

      Magnetic door sensors will run on two AAs and have a similar lifetime.

      The battery life of these alarm system sensors is not a major consideration.

      1 0 Reply
      1. DropBear
        Reply Icon

        Re: Wireless is one of those ideas that sounds good but is rubbish.

        Not to mention there might be plenty of places you really don't want to drag a cable run to, that still have a 220V socket somewhere relatively nearby...

        0 0 Reply
  7. handleoclast
    Coat

    Fermi Paradox Solved

    Fermi posed a (so-called) paradox: "Where are they?" Meaning if life is common in the universe why haven't alien civilizations made themselves known to us one way or another?

    One possibility is that alien civilizations destroy themselves before they become visible to us. I believe I have identified the mechanism.

    1) Civilization invents a planet-wide networking system.

    2) Civilization hooks up essential services to planet-wide networking system.

    3) Civilization invents Network Of Shit technology.

    4) NoS hacking effectively wipes out planet-wide network with DDoS attacks.

    5) Essential services, reliant on planet-wide network, fail.

    6) Civilization collapses.

    3 0 Reply
  8. Black Rat

    Meanwhile a long way back in the bush

    During the happy days when most routers used WEP encryption my personal best for an urban WiFi hack was about 100 meters using a relatively small homemade Yagi antenna and a stock wireless dongle. Though the bandwidth sucked it was no worse than dial-up, plenty enough to get online or pwn the owners box.

    0 0 Reply
  9. DropBear

    Just a moment there...

    - "fail open" is a perfectly valid choice to this day in any security system, which is why you can buy "fail open" or "fail closed" locks in any security shop. It's always a conscious choice between "it never opens by accident but on a failure you're well and truly locked out" and "you can never get completely locked out (or in!) but on failure the door becomes unlocked". Without specific context on what your priorities are and what else is done to mitigate the drawbacks of one or the other (eg. independent alternative access with a key) neither is inherently "good" or "bad".

    - "pre-shared password" in a wireless context is effectively what we call "password protected access" meaning simply that the same ("pre-shared" = introduced a priori to both devices via an out-of-band channel, like keypads on each plus your fingers) password is used to build an encrypted connection instead of negotiating encryption primitives on-the-fly. It does not mean "factory-set common password identical over all devices, 'pre-shared' on page 5 of the manual" unless this is one of those trendy modern "it means whatever I want it to mean" usages of the expression...

    0 0 Reply
  10. CrazyOldCatMan Silver badge

    My alarm system is unhackable

    But can be persuaded by a nice juicy steak!

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like