Captain
•
6K Messages
Consumer Reports: DYI Security Systems Hack with RF Jamming
A few years back a YouTuber reported SS, and other DYI wireless systems, could be hacked with a garage door key fob for under $3. I did my own testing and found, as others, this was true but the intruder had to know the exact location of the sensor and the position of the base and put the key fob in direct line with it. For higher powered RF devices, however, it would work in larger areas, however SS would report the jamming activity.
Fast forward to today, and Consumer Reports has come out with the results of a recent study showing SS3, while vulnerable to this type of attack, will report the jamming to the owner. That's good, but here is what got me: ADT's wireless system prevented the jamming! For those that have been around in the forums for awhile know my dislike of ADT is very strong. Here's my question to Simplisafe: While you notify me of a jamming incident, why can't you stop the attempt in the first place like ADT? To be fair, SS was one of the few systems that could even detect and report the jamming, but c'mon, ADT can prevent it from being successful in the first place? Gauntlet thrown down SS, you have to address this.
Below is the link to a local TV station's report but I encourage you, if you have an account with Consumers Reports, read the original referenced article. In it they have a full response from SS:
"
Glenn Gomes-Casseres, vice president of product and design at SimpliSafe, points out that these attacks are difficult to pull off in the first place.
“In order to jam a device, one would have to perfectly execute a highly nuanced protocol with devices specifically tuned and configured for this purpose,” says Gomes-Casseres. “And even if successful, thanks to SimpliSafe’s built-in detection, customers are alerted, and cameras are queued to record and capture evidence, during jamming attempts.”
Mr. Gomes-Casseres, congrats on the detection feature, now how about matching or exceeding ADT and the other systems that resist this type of attack?
https://www.ky3.com/2022/02/22/consumer-reports-hackable-home-security-systems/
Accepted Solution
Official Solution
davey_d
Community Admin
•
5.6K Messages
2 years ago
Hi Captain,
Thanks for sharing. For everyone else tuning in, here’s the full article from Consumer Reports with a more thorough comparison between different wireless systems. In their test, we were given a “Very Good” rating, and overall we continue to be ranked #1 for DIY Home Security Systems.
First, this goes without saying (and criminals may not care), but using a device to jam electronic communication is an FCC violation, and therefore against the law. Secondly, given the sophistication involved, intruders are unlikely to use a targeted jamming attack.
That being said, as Consumer Reports notes, all wireless security systems are susceptible to highly advanced jamming - but the intruder would have to target the right frequencies and have enough power. If Consumer Reports had used different equipment and test procedures, ADT’s system could have been jammed as well. And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification, as soon as an attempt is made. Right now, ADT Blue (ADT's newer wireless system) does not!
Of course, we are not content to rest here. We’re committed to your security from all manner of threats, and that includes developing solutions to even the most unlikely attack vectors - like jamming. We are continuing to evaluate potential vulnerabilities and update our security measures and technology to keep you safe.
(edited)
3
richard78
2 Messages
2 years ago
Fix it fast, or lose business. Mr. Gomes-Casseres' words are NOT sufficient when the world is full of tech hackers who WILL read the CR article and immediately begin using their devices. Better to remove the SimpliSafe sign from the yard and windows and doors than invite that into our homes.
.Business now will go to:
"Blue by ADT, Ecobee, Honeywell Home, Kangaroo, and Ooma—successfully resisted jamming"
1
0
coltmaster1
2.8K Messages
2 years ago
So, SS is still putting lipstick on a pig.
"...And as you mention, SimpliSafe features intelligent jam detection, so you’ll get a warning by Push Notification, as soon as an attempt is made."...
And such notification states what? "Wireless interference detected."? If it says something different, please provide that info.
Have asked a million times since 2018, how does the customer know when a jamming event occurs vs wireless interference or some other interference? SS has been incredibly vague about this for years (and let's not forget, SS2 users still have the code capture problem that will never be fixed, which was also downplayed).
For that matter, why does SS always downplay this stuff? ("but everyone else can be hacked too!" and "you'd have to have super-duper sophisticated equipment to pull this off!"). SS shouldn't be concerned with everyone else. SS should be concerned with your own customers. You did it with SS2, you're doing it with SS3. It's not "sophisticated", stop pretending it is. It's been tested and determined to be a known flaw by pros, by laypersons, and by SS customers alike.
If SS KNOWS a jamming event has occurred, send a push notification (and SMS/txt to those who don't have the phone app) to the user stating so, and not 'interference" which means absolutely nothing to the user. Know what else is a problem? Users becoming complacent with "interference detected" messages and just assuming it's some random, phantom occurrence in the home, even though they cannot determine what caused the occurrence.
1
Jim
42 Messages
2 years ago
As a EE I can tell you that trying to differentiate between a deliberate jamming signal versus other interference on the 433.92 MHz channel is pretty much impossible. You can detect that you are getting a strong signal that is not correctly encoded for that system but that’s all. You don’t have any way to know if it’s deliberate jamming unless the received power level is off the chart. For example above the FCC limits. If it’s within allowed transmit power levels you can’t determine intent.
2
sagarshah1983
1 Message
2 years ago
Can an intruder bypass entry sensor only or all other sensors as well using this approach?
while owner is somewhere remote, and when all sensors are bypassed what options the owner is left with to safeguard the home?
0
0
duffy_4
38 Messages
11 months ago
I can tell you that the SS response is not accurate at all. As someone who holds two FCC licenses for radio usage, let me tell you how easily it is to defeat the SS system without knowing where any sensors are located. All one needs to do is buy a very cheap Chinese handheld radio with the brand name Beofeng on Amazon. They go for about $30. Now set the radio to 5 watt power output and change the radio frequency to the same frequency as SS sensors. With the alarm on, hold down the transmit button on the cheap handheld and keep holding the transmit button the entire time you do this. Now open a door....SS is jammed now and an alarm will not sound. I have actually walked around my house and my yard and the SS system never sends an alarm. It makes no difference where the sensors are located or if you know where they are located or not. The good news out of all this is at least the SS system will tell you it is being jammed so you could then call the police to ask them to check the house as someone might be trying to jam you system to break it. But for SS to say you have to know precisely where the sensors are located is frankly completely incorrect.
2
kkgrass
5 Messages
5 months ago
SimpliSafe - please respond to Duffy_4’s assertion regarding ease of defeating the SimpliSafe system. This issue is not going away and deserves more than the responses offered to date.
1
rmolinowski
10 Messages
5 months ago
I'm an engineer (EE) so I figured I'd weigh in on this. What duffy_4 mentions is a current REALITY in the world of WiFi security. In fact, there have been some recent articles online detailing how gangs of tech saavy thieves have been targeting wealthy neighborhoods and jamming WiFi security systems. Here's just one example:
www.techspot.com/news/101866-minnesota-burglars-using-wi-fi-jammers-disable-home.html
The bad news is that there's no WiFi-centric fix for this because thwarting the overloading of WiFi devices isn't fixable with current technology (as we've seen in the Ukraine's "FPV wars"). There's only one solution for this: hard wired PoE outdoor cameras and/or hardwired door/window devices. One thing you might want to consider (and perhaps SS as well) is the installation of PoE cameras on your home with your router and PoE switch hooked to a UPS. Then make sure that your incoming internet connection isn't visible for all to see (and cut), say on the side of your house. Now you have a robust system you can pair with the SS WiFi basics.
Like several people have stated: once jamming becomes more and more common and broadcasted to the general public, there will be a big push in the security industry to thwart the threat with enhanced jamming detection, frequency shifting, WiFi/hard wired hybrid solutions, etc. The companies that will survive are the companies that address this the fastest.
0