Saturday, August 27, 2016

SimpliSafe isn't Safe, neither is Xfinity, Vivint or ADT.

The bottom line: DO NOT put a sign in your front yard saying monitored by:
- SimpliSafe
- Vivint
- ADT
- Comcast Xfinity
If you must use such a sign, consider at least trading with a neighbor who has a different system than yours. Each of these systems uses wireless signals to communicate from the sensor to the control device. Each can be intercepted with software-defined radio.

Our home insurance requires a monitoring system. We had one installed by a professional, but we have had a lot of problems with it. Once, the installer came two weeks after a problem and said, "I have paying customers, you know" (we are paying customers). I was attracted by the idea of SimpliSafe.

I also looked into Vivint, but they are not transparent about pricing (or anything else). They use the ADT "free installation" marketing approach.

The most important feature for me was the smoke alarms. We have had problems with smoke alarms since we built the house.

The SimpliSafe system arrived promptly and the install was easy. Now, three weeks after the install, we have had four false positives, with three of the smoke detectors. The system is running in test mode so the fire department is not called. One of my LinkedIn connections, Indy, suggests, "Stephen, I have it installed in our home. Some of the batteries were low and they would set off the alarm. I took them out of the configuration, at the keypad, until I could change the battery and then add the sensor back in to the system through the keypad."

I put out a notice on LinkedIn and Facebook to see if others have had problems, and learned a lot! Scott Ashton pointed me to an IOActive blog post that found the PIN is transmitted as cleartext: "IOActive made attempts through multiple channels to contact SimpliSafe upon finding this critical vulnerability, but received no response from the vendor. IOActive also notified CERT of the vulnerability in the normal course of responsible disclosure. The timeline can be found here within the release advisory." This means an attacker with some RF smarts can break in with about $150.00 worth of equipment if they can lurk 100 yards away from the property. Well, home security wasn't my main driver; the smoke alarms are. But it also means an attacker could set off false alarms.

Well, I do not have a massive investment in SimpliSafe; maybe a different technology? In Washington State we have Comcast Xfinity; maybe something like that? Well, a bit of research turned up a Wired Magazine article saying, "Philip Bosco, a security researcher at Rapid7, found vulnerabilities in Comcast’s Xfinity Home Security system that would cause it to falsely report that a property’s windows and doors are closed and secured even if they’ve been opened; it could also fail to sense an intruder’s motion." Also (and more importantly), the last time I had trouble with the system they tried to charge me for a service call. (They quit trying to do that after I offered to cancel the service.)

Vivint, a retailer for 2GIG, can also be hacked or even jailbroken. Wired Magazine has an article about jamming the signal so you can enter a door without the alarm firing. The same article mentions ADT. More information about ADT can be found here. Apparently these revelations resulted in a class action lawsuit.

Forbes has an article about hacking Bay Alarm, but that might have been a procedural problem.

Very educational.

