Researchers show ways to bypass home and office security systems

Many door sensors, motion detectors and security keypads can be bypassed using simple techniques, researchers from Bishop Fox said

Many door and window sensors, motion detectors and keypads that are part of security systems used in millions of homes and businesses can be bypassed by using relatively simple techniques, according to researchers from security consultancy firm Bishop Fox.

The researchers presented some of the bypass methods they discovered in a talk at the Black Hat USA security conference in Las Vegas on Wednesday, but declined to name any vendors whose products are affected.

"We started looking at security sensors, going from the outside in, and we found a few implementation issues that we can take advantage of," said Drew Porter, a senior security analyst at Bishop Fox.

For example, many door sensors rely on magnetic fields to work and if you hit them with a high enough magnetic field, they trip, Porter said. Window sensors are vulnerable to the same issue, he said.

These sensors have a basic design so bypassing them is not hard, but that wouldn't get intruders very far. The next thing they would need to do is move around the building without setting off motion detectors.

Most motion detectors, even newer ones, use infrared to detect significant changes in the surrounding room's temperature, Porter said. Normally, walking around in a room would set off these sensors, but using something as simple as a piece of styrofoam to shield your body can trick them, he said.

However, since walking around with a large piece of styrofoam can raise suspicion, the Bishop Fox security consultants who frequently assess physical security systems for clients, looked for other ways to bypass these sensors.

They found a few families of motion detectors that can be reset by pointing a source of light of a certain wavelength -- infrared or near infrared -- at them. This blinds the sensors for as long as the light source is pointed at them plus an additional three seconds, Porter said.

The motion detection sensors of this type are deployed quite often as part of different security systems, the researcher said.

Moving forward from the motion detector sensors, the researchers analyzed the keypad systems that send out calls to reporting centers if the alarm is tripped.

These keypads can use cellular networks or landlines to communicate, Porter said.

Many keypads are using old cellular technology and can be easily fooled by setting up a rogue base station -- a small cell tower -- the researcher said. The keypads will then connect to the attacker-controlled base station instead of the real cellular network, meaning that even if they send out an alert, it wouldn't reach its intended destination, he said.

Once you have the keypad's modem connected to the base station it is also possible to send commands that can temporarily disable existing sensors, change how they react or disable the alarm sound, Porter said. "If the alarm goes off, there is the ability to disable it remotely."

Older keypads that still use landlines would set off the alarm if the line is cut to prevent communication with the reporting center, Porter said. However, it turns out that in order to monitor the link they check for a specific voltage. So if the attacker can tap the line and supply that voltage, he can cut it without setting off the alarm, he said.

At least a third of old security systems and probably a quarter of the newer ones can have all of their components -- door locks, motion detectors and keypads -- bypassed, Porter said, noting that this is a very rough estimation based on his knowledge of what technologies are currently being used and keeping in mind that physical security systems have a high turnaround. A five-year turnaround in the world of physical security would actually be considered quick, he said.

The Bishop Fox researchers provided recommendations about what owners of such devices can do to mitigate some of the attacks and are also working with the affected vendors to address these problems.

Porter believes that ultimately, the task and cost of upgrading these systems will likely fall with the users.

"I don't really see many vendors going and replacing these units," he said. They'll have to build different units that will have to function differently and some of the required changes will be significant, he said.

Join the PC World newsletter!

Error: Please check your email address.

Tags physical securityblack hatsecurityBishop Fox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?