‎Consumer Reports: DYI Security Systems Hack with RF Jamming | SimpliSafe Support Home
 

Captain

 • 

6.2K Messages

Wednesday, February 23rd, 2022 7:35 PM

Consumer Reports: DYI Security Systems Hack with RF Jamming

A few years back a YouTuber reported SS, and other DYI wireless systems, could be hacked with a garage door key fob for under $3.  I did my own testing and found, as others, this was true but the intruder had to know the exact location of the sensor and the position of the base and put the key fob in direct line with it. For higher powered RF devices, however, it would work in larger areas, however SS would report the jamming activity.

Fast forward to today, and Consumer Reports has come out with the results of a recent study showing SS3, while vulnerable to this type of attack, will report the jamming to the owner. That's good, but here is what got me: ADT's wireless system prevented the jamming! For those that have been around in the forums for awhile know my dislike of ADT is very strong. Here's my question to Simplisafe: While you notify me of a jamming incident, why can't you stop the attempt in the first place like ADT? To be fair, SS was one of the few systems that could even detect and report the jamming, but c'mon, ADT can prevent it from being successful in the first place? Gauntlet thrown down SS, you have to address this. 

Below is the link to a local TV station's report but I encourage you, if you have an account with Consumers Reports, read the original referenced article. In it they have a full response from SS:

"

Glenn Gomes-Casseres, vice president of product and design at SimpliSafe, points out that these attacks are difficult to pull off in the first place.

“In order to jam a device, one would have to perfectly execute a highly nuanced protocol with devices specifically tuned and configured for this purpose,” says Gomes-Casseres. “And even if successful, thanks to SimpliSafe’s built-in detection, customers are alerted, and cameras are queued to record and capture evidence, during jamming attempts.”

Mr. Gomes-Casseres, congrats on the detection feature, now how about matching or exceeding ADT and the other systems that resist this type of attack?

https://www.ky3.com/2022/02/22/consumer-reports-hackable-home-security-systems/

Accepted Solution

Official Response

Community Admin

 • 

5.7K Messages

3 years ago

Hi Captain,

Thanks for sharing. For everyone else tuning in, here’s the full article from Consumer Reports with a more thorough comparison between different wireless systems. In their test, we were given a “Very Good” rating, and overall we continue to be ranked #1 for DIY Home Security Systems.

First, this goes without saying (and criminals may not care), but using a device to jam electronic communication is an FCC violation, and therefore against the law.  Secondly, given the sophistication involved, intruders are unlikely to use a targeted jamming attack.

That being said, as Consumer Reports notes, all wireless security systems are susceptible to highly advanced  jamming - but the intruder would have to target the right frequencies and have enough power. If Consumer Reports had used different equipment and test procedures, ADT’s system could have been jammed as well. And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification,  as soon as an attempt is made. Right now, ADT Blue (ADT's newer wireless system) does not!

Of course, we are not content to rest here. We’re committed to your security from all manner of threats, and that includes developing solutions to even the most unlikely attack vectors - like jamming. We are continuing to evaluate potential vulnerabilities and update our security measures and technology to keep you safe.

(edited)

Captain

 • 

6.2K Messages

@davey_d​ Thank you for the comprehensive reply and the means for non CR subscribers to read the report. I do recommend you have this information added to the Help Center with a new article, and, this be part of an expanded subject matter in a soon to be released online webinar here in the community.  (Yes, a not so subtle hint it's time to expand the capabilities of the new community site and get SS associates in front of your customers. :-) 

44 Messages

@davey_d​ Would be good to offer an option in the control setting to have a jamming detection trigger the alarm automatically.  If it only sends you that detection notice if there is a real jamming attempt this should be optional automated.

Community Admin

 • 

5.7K Messages

That's a fair suggestion. The reasoning for the current state is that it's not easy to tell the difference between general interference and a targeted jamming attack. Since interference is less uncommon, having the Wireless Interference signal trigger a full alarm could generate more false alarms than real ones.

 

Of course, there's no harm in asking for more options! I'm sending this up.

2 Messages

3 years ago

Fix it fast, or lose business. Mr. Gomes-Casseres' words are NOT sufficient when the world is full of tech hackers who WILL read the CR article and immediately begin using their devices. Better to remove the SimpliSafe sign from the yard and windows and doors than invite that into our homes.

.Business now will go to:

"Blue by ADT, Ecobee, Honeywell Home, Kangaroo, and Ooma—successfully resisted jamming"

Captain

 • 

6.2K Messages

@richard78​ I am not familiar with Kangaroo or Ooma, but very familiar with ADT, Honeywell and, to a bit less extent, Ecobee. Family members who had Honeywell systems did not fare well for various reasons, mostly including support and connectivity. ADT, well, let's just say that I wouldn't trust them at any time for any reason, after being a customer for 11 years. Overall, SS is still my company and solution of choice, but yes, they have to have plans to address this.

2.8K Messages

3 years ago

So, SS is still putting lipstick on a pig.

"...And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification,  as soon as an attempt is made."...

And such notification states what? "Wireless interference detected."?  If it says something different, please provide that info.

Have asked a million times since 2018, how does the customer know when a jamming event occurs vs wireless interference or some other interference?   SS has been incredibly vague about this for years (and let's not forget, SS2 users still have the code capture problem that will never be fixed, which was also downplayed).

For that matter, why does SS always downplay this stuff?  ("but everyone else can be hacked too!" and "you'd have to have super-duper sophisticated equipment to pull this off!"). SS shouldn't be concerned with everyone else.  SS should be concerned with your own customers.  You did it with SS2, you're doing it with SS3.  It's not "sophisticated", stop pretending it is.  It's been tested and determined to be a known flaw by pros, by laypersons, and by SS customers alike.  

If SS KNOWS a jamming event has occurred, send a push notification (and SMS/txt to those who don't have the phone app) to the user stating so, and not 'interference" which means absolutely nothing to the user.  Know what else is a problem?  Users becoming complacent with "interference detected" messages and just assuming it's some random, phantom occurrence in the home, even though they cannot determine what caused the occurrence.

Community Admin

 • 

5.7K Messages

@coltmaster1​ the only difference between wireless interference and jamming is intent. That is, jamming is just interference that someone is doing on purpose. Otherwise, as @Jim also notes, it's not really possible to distinguish between them.

And that's why the notification comes through to our users as "Wireless Interference Detected". It's mostly likely just general interference, but we're letting you know just in case.

44 Messages

3 years ago

As a EE I can tell you that trying to differentiate between a deliberate jamming signal versus other interference on the 433.92 MHz channel is pretty much impossible. You can detect that you are getting a strong signal that is not correctly encoded for that system but that’s all. You don’t have any way to know if it’s deliberate jamming unless the received power level is off the chart. For example above the FCC limits. If it’s within allowed transmit power levels you can’t determine intent. 

2.8K Messages

@Jim​ 

Thanks for that.

So, SS, if you detect jamming, what exactly do you do to alert the customer?  Send a push/text msg with "interference detected"?  How many times do I have to ask before we get a real answer? 

Community Admin

 • 

5.7K Messages

I have mentioned it before but yes. You'll get both a Push Notification through the app, and a Smart Alert through email/SMS for "Wireless Interference Detected". It of course also shows up on your Timeline event log.

1 Message

2 years ago

Can an intruder bypass entry sensor only or all other sensors as well using this approach?

while owner is somewhere remote, and when all sensors are bypassed what options the owner is left with to safeguard the home?

38 Messages

1 year ago

I can tell you that the SS response is not accurate at all. As someone who holds two FCC licenses for radio usage, let me tell you how easily it is to defeat the SS system without knowing where any sensors are located. All one needs to do is buy a very cheap Chinese handheld radio with the brand name Beofeng on Amazon. They go for about $30. Now set the radio to 5 watt power output and change the radio frequency to the same frequency as SS sensors. With the alarm on, hold down the transmit button on the cheap handheld and keep holding the transmit button the entire time you do this. Now open a door....SS is jammed now and an alarm will not sound. I have actually walked around my house and my yard and the SS system never sends an alarm. It makes no difference where the sensors are located or if you know where they are located or not. The good news out of all this is at least the SS system will tell you it is being jammed so you could then call the police to ask them to check the house as someone might be trying to jam you system to break it. But for SS to say you have to know precisely where the sensors are located is frankly completely incorrect.

742 Messages

To be fair, it's not like that's the only way to defeat SS or other systems that make use of specific technologies. Or even the most thorough way.

I could also just cut the internet connection at a house and use a cell jammer to stop the base station from talking to the SS servers via WiFi or Cellular. At that point you can trip any sensors you want and since you're not tripping the RF interference detection you won't even get an alert for that. (And even if you did trip it it's not like the base station can tell anyone about it.

I'm not defending their use of a fixed RF frequency vs. constantly changing range or something by any means. I just think that across the relative low cost DIY security space it's fair to say most if not all services are vulnerable to one or more attacks. 

10 Messages

One thing you're forgetting: if you have a decent mesh of PoE outdoor cameras with "people (motion) detection" around your house, then you wouldn't stand a chance using your methodology.  But you point out the fatal flaw of the WiFi-based security solution: in the end it's not terribly robust!

5 Messages

10 months ago

SimpliSafe - please respond to Duffy_4’s assertion regarding ease of defeating the SimpliSafe system. This issue is not going away and deserves more than the responses offered to date.

742 Messages

Realistically I don't see any kind of fix/improvement in their current generation of hardware. Hopefully with gen4 (or whatever its called, whenever it's supposed to arrive) they'll at least make use of a frequency range instead of a fixed frequency. If I understand it correctly with something like FHSS they can constantly change the specific frequency they use but that's not fool proof.

As an aside, this is one of the reasons that putting the SimpliSafe sign in your front yard is an AWFUL idea. You're just giving cheat codes to bad actors by doing so.

10 Messages

10 months ago

I'm an engineer (EE) so I figured I'd weigh in on this.  What duffy_4 mentions is a current REALITY in the world of WiFi security.  In fact, there have been some recent articles online detailing how gangs of tech saavy thieves have been targeting wealthy neighborhoods and jamming WiFi security systems.  Here's just one example:

www.techspot.com/news/101866-minnesota-burglars-using-wi-fi-jammers-disable-home.html

The bad news is that there's no WiFi-centric fix for this because thwarting the overloading of WiFi devices isn't fixable with current technology (as we've seen in the Ukraine's "FPV wars").  There's only one solution for this: hard wired PoE outdoor cameras and/or hardwired door/window devices.  One thing you might want to consider (and perhaps SS as well) is the installation of PoE cameras on your home with your router and PoE switch hooked to a UPS.  Then make sure that your incoming internet connection isn't visible for all to see (and cut), say on the side of your house.  Now you have a robust system you can pair with the SS WiFi basics.

Like several people have stated: once jamming becomes more and more common and broadcasted to the general public, there will be a big push in the security industry to thwart the threat with enhanced jamming detection, frequency shifting, WiFi/hard wired hybrid solutions, etc.  The companies that will survive are the companies that address this the fastest.

New to the Community? Get started by reading our Welcome Article and please be sure to review our Community Guidelines before posting.