Indianapolis News and Headlines


CALL 6: Wireless alarms vulnerable to hackers

Posted at 10:30 PM, May 02, 2016
and last updated 2016-05-03 00:00:27-04

INDIANAPOLIS -- Home security systems have been around for decades, but these days they're more advanced, cheaper to own, and much easier to install.

In the past, alarm system companies would have to run wires all over your home. Every sensor from your doors to your windows had to have a wire running to it.

Today, most of the wires have been traded out for fully wireless systems.

But those wireless alarm systems have flaws, according to tech experts. Every system is different, but they say there are some hacks that can let a burglar get into your home completely unnoticed.

Call 6 Investigates began looking into alarm systems when tech security company IO Active released findings about vulnerability in the country's fast-growing DIY security system, SimpliSafe.

"Consumers of this product need to know the product is inherently insecure and vulnerable to even a low-level attacker," said the report from IO Active.

READ MORE | SimpliSafe security advisory from IO Active

The tech security company goes on to say that many unsuspecting consumers prominently display window and yard signs promoting their use of this system and could essentially be identifying their home as a target for a hack known as a replay attack.

According to Indianapolis security giant, Rook Security, you can easily find information about how to hack into the SimpliSafe system with a quick search on the internet, and the parts you need to pull it off are easily available online as well.

"It's very simple, you can purchase a device for about $20. A little bit of technical know-how and knowing how to translate that to some code so you can repeat it," said Tom Gorup, Security Operations Lead at Rook Security.

Call 6 Investigates reached out to SimpliSafe but the company never answered our request for an interview. Instead we were directed to a statement online which reads, in part, "The hack described is sophisticated and highly unlikely."

Gorup doesn't agree with SimpliSafe, "That's an opinion. There are plenty of technical 12-year-olds out there that could easily pull off a replay attack on a wireless device like that."

During our Call 6 Investigation we found a much larger problem with wireless alarm systems, a hack called 'jamming.'

"Some of the older systems were based off the phone line when you had an external phone line coming into the house, that could actually be cut," said Daniel Ford, Forensic Analyst, Rook Security. "This is the same kind of theory. Digitally cutting off the connection to the outside world."

Although illegal to do, it's a pretty simple process. 'How to' guides can be found on the internet and the equipment is fairly cheap to buy. 

In simple terms, jamming is flooding the airwaves with virtual white noise. Ford says it's like someone is shouting through a megaphone while you are trying to have a conversation. 

Rook Security showed us how it works. In a closed environment, we used a simple ham radio purchased on Amazon. We then held down the push to talk button on the same frequency that the alarm system used to communicate with its sensors. As long as we pushed down on the button, the sensors never sent an alarm to the base.

"Since I jammed it, no sensor relay is happening. So if I move in front of the motion sensor, it isn't getting back to the device," said Ford.

The frequencies that the sensors operate on are easy to find on the internet. You might also be making it easier for thieves to find what system you have if you put an alarm system sign in your front yard.

"I could easily research what security system you own because a lot of people have those signs out front," said Ford. "If I know what device you're running and what frequency it is on, I can have an attack up in ten minutes."

This hack doesn't just affect the cheap DIY systems. Experts have been able to jam signals in many of the more expensive, professional installed systems as well.

They say they've been able to successfully jam signals from systems like ADT, Xfinity and Brighthouse.

Security experts say that wireless security companies do take steps to stop the threat of jamming attacks.

For instance, SimpliSafe utilizes an algorithm that can send you an alert if it thinks the system is being jammed, but it won't sound the alarm.

Getting that text or alerting the alarm's monitoring center of a possible jamming attack can also prove to be an issue, because many of the current alarm systems use a cell phone connection to call the alarm company.

Although jamming is illegal, it can be done on any frequency.

Alarm system providers are constantly searching and implementing for new anti-jamming techniques, experts say.

At the end of the day, having an alarm system is better than not having one, according to the Indianapolis Metropolitan Police Department. "Anything that a homeowner can install that can deter a theft is going to be better than not having anything at all," said Officer Jim Gillespie.