Submitted via IRC for SoyCow1984
Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised
The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.
With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.
(Score: 1, Informative) by Anonymous Coward on Monday August 26 2019, @07:51PM (1 child)
On the one hand, it's a bit silly it's so trivial to defeat. On the other hand:
"Door deadbolt lock defeated by a $10 common tool [amazon.com], nobody surprised."
A lot of security in place is there just to keep honest men honest, and any criminal who really didn't care would trivially bypass it.
On the other other hand, I'm not sure if an Alarm system should be more or less secure than a Lock system. Moreover, calling out security theater snake oil salesmen should be encouraged, so maybe my comments are out of place.
(Score: 0) by Anonymous Coward on Monday August 26 2019, @07:58PM
The point is to raise the profile of the attack and to increase the skill level required to break in. There isn't much you can do to prevent a skilled burglar from breaking in, but you can make the task not worth doing with things like security systems.