When it comes to burglary, we often imagine individuals who use brute force or common tools to break into your doors and windows (see how to use a credit card to open a door), take all your valuables, and then attempt to run away before police arrive. Our existing security systems are designed for for those kind of criminals. But with the rise of smart security systems, what if criminals have learned to bypass your system and disable your alarms?
Although FBI has yet to release reports of burglars who actually hacked a security system to break into a house, it is worth knowing that there our technology today is not 100% fail proof. That’s likely because police departments don’t report that type of information or don’t have any evidence to know that’s what happened even if it did. That's why it's so important to layer your security controls with supplemental things like perimeter alarms or driveway alarms and hardening your doors.
This post will review some of the popular home security systems that have been hacked and how the companies responded to the vulnerabilities.
We have summarized a list of breached security systems and how the companies handled the issues:
Wireless transmissions can be recorded by a third party and reuse data packets to disable the alarms.
Company promised to update their hardware to incorporate an upgradeable firmware.
Authentication can be bypassed using SSL certificate validation, authentication and access control.
Company promised to improve their firmware to protect the system from hacking incidents.
Failure to encrypt communication signals which can be intercepted by a SDR device.
Company promised to come up with plans to fix the vulnerabilities, but did not address the encryption issues.
Failure to encrypt communication signals which can be intercepted by a SDR device.
ADT settled a $16 million class action lawsuit to resolve hacking allegations.
Failure to encrypt communication signals, lack serial authentication which allows a third party to view from your camera, and SSD and PSK not removed despite of factory resetting.
Company was able to fix the serial switching problems and willing to update their firmware to solve the factory reset and PSK issues. However, no specific solutions yet were provided for the unencrypted communication issues.
Want to learn more about how these security systems compare to others?
If you're reading about these security systems and wondering what the other options are, we've got your back! We put together a comprehensive comparison of security systems at https://24-7-home-security.com/home-security-system-comparison-tool/
How to Hack Simplisafe
IOActive, security consulting firm from Seattle, confirmed that Simplisafe can be hacked by recording wireless transmissions between its system components. The researchers from the firm tested the devices in August 2015 using external microcontrollers and some codes to be able to listen to the wireless transmissions from Simplisafe’s system components. An intruder only needs to set-up the device about 100 feet from your home, and record the code whenever you disarm the system. The data packet is then transmitted to the hacking device. From then on, the hacker can simply resend the data packet to the Simplisafe device to disarm the system anytime.
- Simple to set up. Seriously secure - Get ready to protect right out of the box. Just plug in the base...
- 24/7 professional monitoring for faster police response - With optional monitoring services, our agents...
- Complete control of your system with the SimpliSafe App - Arm, disarm and protect anytime, anywhere.
Did SimpliSafe Fix the Vulnerabilities of their Security System?
On the other side, Simplisafe says the hacking method is unlikely to happen as none of their customers ever reported burglary connected to unexplained disarm events. The company also promised to update their hardware to incorporate upgradeable firmware so that customers can be protected from hacking events like this. We could find no confirmation the fix ever happened.
With the rise of connected smart homes, more and more security systems are being exposed, and iSmartAlarm is no exception. It was discovered that a hacker can simply bypass the system’s authentication to turn off the alarm, allowing intruders to break into your home without a trace. The flaw of the system was verified by Ilia Shnaidman in 2017, the Head of Security Research from BullGuard’s Dojo.
- iPhone and Android smartphone enabled
- Free phone alerts, text message alerts, push notifications and Email alerts
- No monthly fees, no contracts required
Exploiting iSmartAlarm with Command Playback
The company designed the components such as the sensors, locks and cameras to connect to an app via the internet. A hacker can then exploit the SSL certificate validation, authentication and access control of the system. So if an intruder knows the flaws of the system, he can simply use it to disable your alarms and break into your home anytime.
iSmartAlarm’s Response to the Disclosed Vulnerabilities of their System
iSmartAlarm has not addressed the specific issues but promised to improve their firmware to protect the system from hacking incidents. If you are a user of the security system, you are advised check for updates regularly and take off any stickers containing information about your devices.
How Vivint Camera Was Hacked
Cybersecurity researcher Logan Lamb discovered early 2014 a security flaw from Vivint by using a friend’s 2GIG Go!Control panel. Using a SDR (software-defined radio) device, he was able to bypass the system by suppressing the alarm at will.
Exploiting Vivint’s Security System with Command Playback
Logan exposed that even though we have modern designs for the security systems today, the technology used behind these systems were still from the 90s. The wireless communications failed to encrypt or authenticate signals which allow him to send his own signals to the control panel and do things he wishes.
Hacking Vivint’s Security System With Jamming
Sophisticated SDRs can simply interfere with the transmissions, falsely turn your alarm off, or jam your system from 65 to 250 yards away.
With these findings, it means that a tech-savvy burglar can simply disarm your system to get your stuff without a trace or a prankster can control your devices and even watch you while you’re asleep without your knowledge.
Vivint’s Response to the Vulnerabilities
Vivint has investigated the case and promised to come up with plans to fix the vulnerabilities. However, they have also mentioned that range and battery performance can be affected if encryption will be implemented in their communication systems. Considering that it is unlikely for burglars to use Logan’s method to break into homes, they’ve decided that using encryption was not worth it.
In case you've changed your mind with Vivint, you can read our post about what happens if you break contract with Vivint.
Exploiting ADT’s security system with Command Playback
Logan Lamb was also able to play around with an ADT security system using another system. The problem he has discovered was almost same with Vivint - the failure to encrypt sent signals which makes intruders intercept signals, send commands, and manipulate the control panels to turn the alarms on and off. Despite using different hardware designs, the system was basically no different from other wireless systems that can be easily hacked.
Wireless systems depend on radio frequency signals to transmit signals from the sensors to the control panel. A tech-savvy intruder can manipulate this using a SDR so he can turn on or off the alarms whenever he wants to. And what’s even more alarming is that anyone can buy an SDR as cheap as $10 on Amazon.
Did ADT fix the vulnerability in their security systems?
ADT was dismissive about the findings and claimed that they have never received a report of a hacking incident using this method. Despite this, ADT settled a $16 million class action lawsuit to resolve allegations regarding the company’s failure to disclose the product’s vulnerabilities due to lack of encryptions.
How Swann Security Was Hacked
Exploiting with Command Playback
Swann is an Australian firm that sells security systems to almost all countries, including the US. However, just like the other security systems exposed, it was not exempted from the vulnerability allegations.
Silvio Cesare from Qualys discovered that Swann security systems can be hacked due to unencrypted communication signals. This enables hackers to intercept signals, send commands, and play with the control panels. Moreover, Cesare was able to capture stored passwords using a microcontroller, creating another flaw that an intruder might use to disarm the system.
- 4K UHD DVR CCTV SECURITY CAMERA SYSTEM WITH ENFORCER DETERRENCE: Protect your home or business with this...
- SECURITY MADE SMARTER: Receive alerts when activity is detected! See, store & playback footage from all...
- CONTINUOUS 24/7 RECORDING ENABLED: With a pre-installed 2TB HDD, users are provided an option of 24/7...
Public Video Camera Feeds!
On top of that, Pen Test Partners researchers Andrew Tierney, Chris Wade and Ken Munro, University of Surrey professor Alan Woodward, Scott Helme BBC hacker, and independent researcher Vangelis Stykas were able to switch video feeds from Swann security cameras. This was easily done since the cameras use its serial number to connect to their cloud service. The API would be able to authenticate you but at the same time allow you to view particular cameras whether you’re authorised or not.
Don’t sell or return your camera, your network may be at risk
Another discovery was that resetting your camera will not remove the SSID and pre-shared keys of the previous wireless networks the device was connected. If somebody else will get your camera (for example, you’ve decided to sell or give it to someone else) it’s possible that the next user can access details from your network.
Swann’s Reaction to the Vulnerabilities
Swann was able to fix the serial switching problems. They were also willing to update their firmware to solve the factory reset and PSK issues. Thus, users need to make sure that their firmware and apps are updated regularly to the latest versions. As for the security system, Swann has yet to make a statement regarding the unencrypted communication.
Additional Security Tips to Consider
As mentioned, security systems doesn’t fully guarantee 100% protection. Most security systems today are still dependent on radio frequencies for communication which, without proper encryption and obfuscation of commands, can still be accessed by criminals. Unfortunately, most security companies are dismissive of the vulnerabilities since it is unlikely burglars would be smart enough to hack your system. But for researchers, this statement is still debatable and a subject of concern. After all, anyone with an internet connection can learn how to do it in a few minutes.
For your reference, we have listed below some of the security systems that we believe are the least vulnerable to exploitations or, at least, have never been reported for hacking issues (however, if you do have some news or info reporting any hacking issues of these systems, do let us know in the comment section):
- Link Interactive
- Protect America
- Nest Secure
- AT&T Digital Life
- August Smart Lock Pro
Hi, I’m Christy, and I’m an electronics engineer by profession. I have taught in a university for 2 years while pursuing my master’s degree in cognitive radio and worked for a company to develop wireless medical devices. Currently, I’m doing research for a doctorate degree in engineering using a wireless sensor network for smart agriculture. I’ve been active in our local IoT community, IoT Cebu, where I participate in conducting talks about Arduino, Raspberry Pi, and DIY home automation using Wi-Fi and ZigBee devices.
Last update on 2023-05-25 / Affiliate links / Images from Amazon Product Advertising API
6 thoughts on “How Your Security System Could Be Hacked”
Well done article! You are a wiz! I believe I live in the apartment under another wiz but this one is the wicked kind. He has bin breaking into my apartment for years and what became a long list of missing items + my MacBook’s login request lost from one day to another and finding 2 unknown devices listed under SHARED plus his knocking on my door asking to share my internet (a router he could not hack) that I did not, plus removing my front door carpet and placing it in front of his…. to test how dumb I am, it all added up after years to wake me up I was up and against something UNNATURAL.
After several key locks upgrades to include a digital and having no success, I installed the top of the alarm system in Germany. DAITEM. He has been playing “catch me if you can” because of letting me know each time he would walk in by taking something small but obvious. (To be continued p.2)
After the alarm system setup, shortly after I noticed he was hacking my business website, because I work from home, his hacking my life intensified and as i tried to get away from him, he was hacking every where I went to. Long story. But I would like to bring up the alarm system choice because after i was feeling safe for a while, there is one missing item I’ve noticed. He could have stopped the game and walking in without taking something leaving me no clue. If you are up for the challenge, please look into the brand I mentioned. You are also welcome to stay in my place in berlin to hack him back ; )
After the door floor carpet event, I installed a WiFi camera in a second internet provider router (Vodafone easy to hack routers for him) but he turned the camera of before walk-in to find out why the first router he was using stopped working. My trap. He didn’t like that one and with a close fist hit a door of a shelf to brake the hinch. The police here can’t do much about it without much evidence.
Germany needs a wiz like you!
AT&T Digital Life/Xfinity Home/Nest/Ring
Easily disabled by cutting the coaxial cable sticking out of the side of the home. Cut the cable, Internet goes down, security goes down.
Yep, that’s true for any system without an alert when it looses connectivity or a cellular backup.
Would you suggest staying with a hard wired system? That is what I have now (ADT) but I am considering switching to wireless. possibles a system that’s I can buy out so I am not tied to any one company. Please advise.
Most burglaries are smash and grab types of affairs (see https://24-7-home-security.com/use-home-burglary-statistics-prioritize-improvements/ for more stats). So, jamming and hacking attacks certainly aren’t the most common. That being said, a wired system should be more reliable (just more expensive to install). Since you already have equipment, I would suggest installing your own security panel or looking into a solution like a Konnected panel (see our review at https://24-7-home-security.com/konnected-review/) that will use your existing sensors.