Consumer Reports: DYI Security Systems Hack with RF Jamming
A few years back a YouTuber reported SS, and other DYI wireless systems, could be hacked with a garage door key fob for under $3. I did my own testing and found, as others, this was true but the intruder had to know the exact location of the sensor and the position of the base and put the key fob in direct line with it. For higher powered RF devices, however, it would work in larger areas, however SS would report the jamming activity.
Fast forward to today, and Consumer Reports has come out with the results of a recent study showing SS3, while vulnerable to this type of attack, will report the jamming to the owner. That's good, but here is what got me: ADT's wireless system prevented the jamming! For those that have been around in the forums for awhile know my dislike of ADT is very strong. Here's my question to Simplisafe: While you notify me of a jamming incident, why can't you stop the attempt in the first place like ADT? To be fair, SS was one of the few systems that could even detect and report the jamming, but c'mon, ADT can prevent it from being successful in the first place? Gauntlet thrown down SS, you have to address this.
Below is the link to a local TV station's report but I encourage you, if you have an account with Consumers Reports, read the original referenced article. In it they have a full response from SS:
Glenn Gomes-Casseres, vice president of product and design at SimpliSafe, points out that these attacks are difficult to pull off in the first place.
“In order to jam a device, one would have to perfectly execute a highly nuanced protocol with devices specifically tuned and configured for this purpose,” says Gomes-Casseres. “And even if successful, thanks to SimpliSafe’s built-in detection, customers are alerted, and cameras are queued to record and capture evidence, during jamming attempts.”
Mr. Gomes-Casseres, congrats on the detection feature, now how about matching or exceeding ADT and the other systems that resist this type of attack?
1 year ago
Thanks for sharing. For everyone else tuning in, here’s the full article from Consumer Reports with a more thorough comparison between different wireless systems. In their test, we were given a “Very Good” rating, and overall we continue to be ranked #1 for DIY Home Security Systems.
First, this goes without saying (and criminals may not care), but using a device to jam electronic communication is an FCC violation, and therefore against the law. Secondly, given the sophistication involved, intruders are unlikely to use a targeted jamming attack.
That being said, as Consumer Reports notes, all wireless security systems are susceptible to highly advanced jamming - but the intruder would have to target the right frequencies and have enough power. If Consumer Reports had used different equipment and test procedures, ADT’s system could have been jammed as well. And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification, as soon as an attempt is made. Right now, ADT Blue (ADT's newer wireless system) does not!
Of course, we are not content to rest here. We’re committed to your security from all manner of threats, and that includes developing solutions to even the most unlikely attack vectors - like jamming. We are continuing to evaluate potential vulnerabilities and update our security measures and technology to keep you safe.
1 year ago
Fix it fast, or lose business. Mr. Gomes-Casseres' words are NOT sufficient when the world is full of tech hackers who WILL read the CR article and immediately begin using their devices. Better to remove the SimpliSafe sign from the yard and windows and doors than invite that into our homes.
.Business now will go to:
"Blue by ADT, Ecobee, Honeywell Home, Kangaroo, and Ooma—successfully resisted jamming"
1 year ago
So, SS is still putting lipstick on a pig.
"...And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification, as soon as an attempt is made."...
And such notification states what? "Wireless interference detected."? If it says something different, please provide that info.
Have asked a million times since 2018, how does the customer know when a jamming event occurs vs wireless interference or some other interference? SS has been incredibly vague about this for years (and let's not forget, SS2 users still have the code capture problem that will never be fixed, which was also downplayed).
For that matter, why does SS always downplay this stuff? ("but everyone else can be hacked too!" and "you'd have to have super-duper sophisticated equipment to pull this off!"). SS shouldn't be concerned with everyone else. SS should be concerned with your own customers. You did it with SS2, you're doing it with SS3. It's not "sophisticated", stop pretending it is. It's been tested and determined to be a known flaw by pros, by laypersons, and by SS customers alike.
If SS KNOWS a jamming event has occurred, send a push notification (and SMS/txt to those who don't have the phone app) to the user stating so, and not 'interference" which means absolutely nothing to the user. Know what else is a problem? Users becoming complacent with "interference detected" messages and just assuming it's some random, phantom occurrence in the home, even though they cannot determine what caused the occurrence.
1 year ago
As a EE I can tell you that trying to differentiate between a deliberate jamming signal versus other interference on the 433.92 MHz channel is pretty much impossible. You can detect that you are getting a strong signal that is not correctly encoded for that system but that’s all. You don’t have any way to know if it’s deliberate jamming unless the received power level is off the chart. For example above the FCC limits. If it’s within allowed transmit power levels you can’t determine intent.
7 months ago
Can an intruder bypass entry sensor only or all other sensors as well using this approach?
while owner is somewhere remote, and when all sensors are bypassed what options the owner is left with to safeguard the home?
4 months ago
Don't know where else to post this, but I just want to make sure it gets the most appropriate attention. My wife and I just realized we still hadn’t received two packages for Christmas, but when checking their statuses, they already arrived last week. Checking the timeline footage both the outdoor camera and doorbell camera recorded their deliveries taking place, but at no point is there footage of anyone afterwards coming and taking the packages.
No clue who took it. We don’t have it. There’s no footage. The packages are simply gone.
I’ve read the statement about the Consumer Reports jamming article stating that SS would send a message about someone attempting to jam the system, and I believed that this would be somewhat sufficient. I didn’t receive any such notice, nor is there anything in the timeline. There’s just a gap in time.
Thankfully the monetary value was low, but the fact that our security system was compromised makes me wonder why I should keep this system. If I needed security in an actual emergency, I feel like I can no longer rely on SS.