Don’t Let Your Home Security System Get Hacked
Unencrypted wireless systems allow hackers to jam your alarm and even spy on you through your security cameras. Here’s what you can do
You installed a home security system to feel safer. But what if you've just made your home more vulnerable to attack?
These days, just about every wireless device can be a target for hackers. Unfortunately, security systems are no exception. If you’re counting on a wireless security system to protect your nest, buyer beware: Nearly all of them have loopholes that tech-savvy criminals can exploit to take over.
Most wireless home security systems work in basically the same way: Sensors on the doors and windows send a radio signal to the control system inside the house. The signal is broken whenever the door or window is opened. If the system is armed, any break in the signal will set off the alarm.
The systems’ Achilles heel is in the radio signal, says security expert Keith Jentoft of RSI Video Technologies in Vadnais Heights, Minnesota. New devices that are readily and cheaply available on the Internet can jam the signal so the alarm never goes off.
“It’s been possible to jam alarms for decades,” says Jentoft, whose RSI security system is encrypted. “The problem is that it went from being very hard and expensive to very easy and cheap. There are tutorials on the Internet explaining how to do it.”
Thieves have also found ways to steal passwords to disarm the system.
“It’s not that the [security] equipment got worse,” he says. “It’s that the tools to exploit and hack it became something any video-game-playing kid could buy on his allowance.”
Chances are, it’s not bored kids who want to hack your system, though a neighborhood crank could set off false alarms in your house for fun. “Imagine a burglar using this equipment, or a stalker,” says Jentoft. “He can false alarm you into oblivion, until the cops don’t come anymore. Or someone could hack into your security video and watch you in the house, open your front door via wireless and be waiting for you when you get home.”
Asking security companies to do better
In 2104, a class action lawsuit was filed against ADT, a leading maker of home security systems, on the grounds that the company knew about these vulnerabilities and didn’t inform customers about them. The plaintiff charges that ADT’s wireless home security equipment sends unencrypted signals that can be hacked by third parties, who can then turn the alarm signal on and off at will. The suit also charges that hackers can take over a homeowner’s security cameras to spy on family members inside the home. The case has yet to be resolved.
But the problem is not confined to ADT. Experts say any wireless home security systems that are not unencrypted — and most of them are not — can be hacked. Cybersecurity researcher Logan Lamb of the Oak Ridge National Laboratory was able to break into a friend’s Vivint home security system (with permission) by using a software-defined radio (SDR) that monitors wireless transmissions.
Working a house length away, Lamb gained control of the system, whose wireless system from the 90s didn’t authenticate signals or encrypt them. His investigations have pushed some manufacturers to fix the loopholes in their security systems.
Some industry experts think the problem is overblown.
“It’s true that most wireless security systems can be hacked, but are thieves really doing that?” says a security industry expert who preferred to be anonymous. “I don’t think many burglars have the sophistication to disarm a wireless system. If they do have those skills, they don’t need to be burglars. And there are ways to disrupt traditional wired systems, too, such as cutting the wires to the house. But most burglars just try to break in and then run when the alarm goes off.”
Some Hollywood stars aren’t taking chances. Jentoft says he has heard some are trading their home automation systems’ keyless locks for regular keys.
How to protect yourself
What should you do to protect yourself from home security hackers?
Go wired. You could opt for a wired home security system. These are not vulnerable to hacking (although as one expert points out, a thief could cut the wires).
Buy a system with encrypted signals. Some new alarm systems have more sophisticated signals that broadcast on multiple channels, making it much more difficult to jam. Ask your salesperson if the signals are encrypted and look for that in the contract, along with wording on tamper resistance and jamming detection.
Don’t buy used security cameras. Buying used security camera equipment or webcams, for example, could allow hackers to more easily spy on you through an implantable device.
Once you’re satisfied with your system’s security, don’t forget the usual precautions. If you do have a system, remember to turn it on (many people don’t). If you use real keys, all doors to the outside should have deadbolt locks; pushbutton locks are easy to thwart.
In addition, keep doors and windows locked when you’re out of the house and at night. Get special locks for sliding glass doors, too — the standard lock is likely flimsy — and keep your garage locked, too. If you’re going to be gone for a while, make sure your house looks lived in. That means putting a lamp on a timer, getting someone to care for the yard and stopping delivery of mail and newspapers.
A security system can bring peace of mind, but it’s not enough to simply install it. You can’t let down your guard, especially in this age of high-tech larceny.