1 Message
Timeline Device Designation Too Vague
The timeline is rather vague when it comes to the devices being used. For example, I've noticed that when a test mode times out, the timeline only tells me that the system was turned off from the app. It says nothing about the test mode timing out. (I discovered this on my first day using SimpliSafe, before I even had the app installed.)
The same goes for arming/disarming from a browser, from customer service representative during testing, as well as from the actual app. They all use the nebulous 'app' designation without any other specifics. It would help if people had to name their browser (e.g. "Chrome on living room computer") so we can actually see where the command came from.
I imagine it's a variant of an if-else statement and 'app' is just the catchall next to 'else'. If that is the case, then all a bad actor has to do is identify the other scenarios where the 'app' designation is called, then they can create those circumstances, then SimpliSafe pushes a notification to the user, then the user visually inspects the timeline. But since the timeline just says the app is the device being used (even though it's not), the user would ignore the notification as harmless. This is a potential false negative.
The same goes for arming/disarming from a browser, from customer service representative during testing, as well as from the actual app. They all use the nebulous 'app' designation without any other specifics. It would help if people had to name their browser (e.g. "Chrome on living room computer") so we can actually see where the command came from.
I imagine it's a variant of an if-else statement and 'app' is just the catchall next to 'else'. If that is the case, then all a bad actor has to do is identify the other scenarios where the 'app' designation is called, then they can create those circumstances, then SimpliSafe pushes a notification to the user, then the user visually inspects the timeline. But since the timeline just says the app is the device being used (even though it's not), the user would ignore the notification as harmless. This is a potential false negative.
No Responses!