Discussion in 'The Howard Stern Show' started by dawg, Sep 6, 2016.
Shameful. The right way to do it is to scare monger people that if they don't buy our systems then their homes or businesses will inevitably either burn down or get broken into.
People open the door then fall for a scam. I don't answer doors or telephones.
I knew a dude who worked for an alarm company over summer break. Knew every trick in the book for defeating the system. It's a good deterrent, but a big dog helps too.
Some good preventative measures are below, mostly about protecting wireless signals.
How Thieves Can Hack and Disable Your Home Alarm System
When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms.
Two researchers say that top-selling home alarm setups can be easily subverted to either suppress the alarms or create multiple false alarms that would render them unreliable. False alarms could be set off using a simple tool from up to 250 yards away, though disabling the alarm would require closer proximity of about 10 feet from the home.
“An attacker can walk up to a front door and suppress the alarm as they open the door, do whatever they want within the home and then exfiltrate, and it’s like they were never there,” says Logan Lamb, a security researcher at the Oak Ridge National Lab, who conducted his work independent of the government.
Lamb looked at three top brands of home alarm systems made by ADT, Vivint and a third company that asked that their name not be identified. The Vivint system uses equipment manufactured by 2Gig, which supplies its equipment to more than 4,000 distributors.
Separately, Silvio Cesare, who works for Qualys, also looked, independent of his job, at more than half a dozen popular systems used in Australia, where he lives, including ones made by Swann, an Australian firm that also sells its systems in the U.S.
No matter what the brand or where they’re sold, the two researchers found identical problems: All the wireless alarm systems they examined rely on radio frequency signals sent between door and window sensors to a control system that triggers an alarm when any of these entryways are breached. The signals deploy any time a tagged window or door is opened, whether or not the alarm is enabled. But when enabled, the system will trip the alarm and also send a silent alert to the monitoring company, which contacts the occupants and/or the police. But the researchers found that the systems fail to encrypt or authenticate the signals being sent from sensors to control panels, making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.
“All of the systems use different hardware but they are effectively the same,” Lamb says. “[They’re] still using these wireless communications from the mid-90s for the actual security.”
The signals can also be jammed to prevent them from tipping an alarm by sending radio noise to prevent the signal from getting through from sensors to the control panel.
“Jamming the intra-home communications suppresses alarms to both the occupants and the monitoring company,” Lamb says.
Some alarms use anti-jamming countermeasures to prevent someone from blocking signals from sensors to control panels—if they detect a jamming technique, they issue an audible alarm to the occupant and send an automatic transmission to the monitoring company—but Lamb says there are techniques to beat the countermeasures as well, which he’ll discuss at his talk.
One of the Australian products that Cesare examined had an additional vulnerability: Not only was he able to intercept unencrypted signals, he could also discover the stored password on the devices—the password a homeowner would use to arm and disarm the whole setup.
The two researchers plan to present their findings separately next month at the Black Hat security conference in Las Vegas. Lamb will also present his research at the Def Con hacker conference. The researchers both focused on home-alarm systems, rather than commercial-grade models used to secure businesses.
The two researchers each used a software-defined radio to intercept and replay communications. Lamb used a USRP N210, which costs about $1,700. For a serious home-burglary ring, this would be a small investment. Lamb says he was able to do a replay attack—copying signals and sending them back to the system to trigger false alarms—from 250 yards away using this device without a direct line of sight to the sensors. Software-defined radios are controlled with software and can be tweaked to monitor different frequencies. With minimal changes to the code in his SDR, Lamb was able to “have my way in all the systems.”
But he could also use an RTL-SDR—a device that costs about $10 from Amazon—to monitor signals. These devices don’t transmit signals, so an attacker wouldn’t be able to disable the alarm system. But he could monitor the signals from up to 65 feet away. Because the transmissions contain a unique identifier for each monitored device and event, an attacker could identify when a window or door in a house was opened by an occupant and possibly use it to identify where victims are in the house—for example, when occupants close a bedroom door for the night, indicating they’ve gone to bed.
“So as people go about their days in their homes, these packets are being broadcast everywhere,” he says. “And since they’re unencrypted, adversaries can just sit around and listen in. Suppose you have a small [monitoring] device to chuck in a [rain] gutter. With minimal effort you could tell when someone leaves the house … and establish habits. I think there’s some value there and some privacy concerns.”
Cesare found that some systems used a remote that let homeowners arm and disarm their alarms without entering a password on a control panel. This data is transmitted in the clear, also via radio frequency, and can be monitored. He found that most of the systems he examined used only a single code. “I captured the codes that were being sent and replayed them and defeated the security of these systems,” he says. Cesare notes that the systems could be made more secure by using rolling codes that change, instead of fixed ones, but the manufacturers chose the easier method to implement with their hardware, at the expense of security.
Cesare was also able to physically capture stored passwords from a system made by Swann. All he had to do was attach a microcontroller programmer to read data off the EEPROM. Although he says the firmware was protected, preventing him from reading it, the password was exposed, offering another attack vector to disable the alarm.
Cesare points out that commercial-grade systems are likely more secure than the home systems they examined. “In the home-alarm product, there is an expectation that you’re not going to have as strong security as a commercial-grade system,” he says. But customers still expect at least basic security. As Lamb and Cesare show, that’s debatable.
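The defensive idea the article mentions (authenticated signals and codes that change instead of fixed ones) can be sketched from the control panel's side. This is an added example, not part of the original post or the article and not any vendor's protocol; the packet layout, the `Panel` class, the per-sensor key and the 8-byte tag length are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8    # truncated HMAC tag length (assumed for this sketch)
BODY_LEN = 9   # 4-byte sensor id + 4-byte counter + 1-byte event

def make_packet(key: bytes, sensor_id: int, counter: int, event: int) -> bytes:
    """Sensor side: bind id, counter and event together under a per-sensor key."""
    body = struct.pack(">IIB", sensor_id, counter, event)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

class Panel:
    """Panel side: accept a packet only if it is authentic and fresh."""

    def __init__(self, keys: dict):
        self.keys = keys                               # sensor_id -> key
        self.last_counter = {sid: -1 for sid in keys}  # highest counter seen

    def accept(self, packet: bytes) -> str:
        if len(packet) != BODY_LEN + TAG_LEN:
            return "malformed"
        body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
        sensor_id, counter, _event = struct.unpack(">IIB", body)
        key = self.keys.get(sensor_id)
        if key is None:
            return "unknown-sensor"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):     # constant-time compare
            return "bad-tag"
        if counter <= self.last_counter[sensor_id]:    # captured packet re-sent
            return "replay"
        self.last_counter[sensor_id] = counter
        return "ok"

def demo() -> list:
    key = bytes(range(16))                     # constructed key, not a real one
    panel = Panel({0x1A2B: key})
    first = make_packet(key, 0x1A2B, 1, 1)     # constructed "door opened" event
    results = [panel.accept(first),            # genuine packet
               panel.accept(first)]            # same bytes played back
    forged = make_packet(b"\x00" * 16, 0x1A2B, 2, 1)
    results.append(panel.accept(forged))       # sender without the key
    results.append(panel.accept(make_packet(key, 0x1A2B, 2, 0)))
    return results

if __name__ == "__main__":
    print(demo())
```

A scheme like this covers interception and replay only; it does not address the jamming described in the article.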
lol @ the Elvis house!
These people prey on the elderly and the ignorant--shameful.
My ex-BF's parents fell for the driveway pavement scam--the creeps took their money upfront, pretended to pave half the driveway, and vanished. He was so mad at his parents for not calling him immediately (he lived a few doors over) that he couldn't talk to them for a week.
The old pavement scam, haven't heard that one in a while
Guess which state?
I worked for an alarm monitoring company for a few years, they were a bunch of crooks. They charged the installers extra money if they wanted a dedicated receiver for all their customers' alarms but there actually weren't any dedicated receivers - all of them were shared with other dealers. One time they shut down a receiver for maintenance and forgot to turn it back on, so we didn't receive any alarms from some locations for several hours. When customers called in to find out why there was no response, they lied and said it must be a malfunction at their end.