Submitted via IRC for SoyCow1984
Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised
The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.
With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.
(Score: 5, Interesting) by SemperOSS on Monday August 26 2019, @04:25PM (2 children)
The trifecta of price vs. convenience vs utility is difficult. People often want a cheap, convenient system that works just right, which, unfortunately, is rarely achievable in real life. Many modern-day alarm systems are not well designed and only (barely?) do the job they say on the box.
Since all wireless systems can be jammed, every wireless detector in a well-designed system must regularly check in with the central server/control box, that should raise a warning (if not the alarm) whenever a couple of pings have been missed from any sensor. This way the system would react to being jammed, albeit slightly slower than to a direct alarm. The downside of pinging regularly would be shorter battery life for non-mains-based detectors. This simple measure would actually work in a wired system as well.
Oh, and it would obviously enable the system to detect a run-down battery as well.
The problem with convenience in systems like these are that few people are able to assemble their own, despite the possibility to create a very sophisticated system for under £50. I have a Raspberry Pi with a couple of PIR sensors and time-of-flight sensors as virtual tripwires plus a HD web-cam for surveillance. It has a simple battery backup for the few times the power goes. Voilà.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 2) by FatPhil on Tuesday August 27 2019, @07:46AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by SemperOSS on Tuesday August 27 2019, @02:51PM
I bought a little board off of eBay. This board is essentially the innards of a powerbank for your own Li-Ion batteries (I use one 18650). The board has one micro-USB input and two USB A outputs (5V, up to 2A). So far, this board has not had any problems.
I would have given you a link to the listing, only the seller has apparently stopped on eBay.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?