Popular home security system SimpliSafe can be easily disabled by burglars

There's no easy fix and systems need to be replaced, security researchers said

It's not unusual to hear of vulnerabilities in smart-home security systems these days, as security researchers turn their attention to the Internet of Things. It's worrying, though, when a modern security system turns out to be vulnerable to a so-called replay attack, the kind of thing that worked against garage door openers back in the 1990s.

The latest example is SimpliSafe, a wireless alarm system that's marketed as cheaper and easier to install than traditional wired home security systems. Its manufacturer claims that the system is used in over 200,000 homes in the U.S.

According to Andrew Zonenberg, a researcher with security consultancy firm IOActive, attackers can easily disable SimpliSafe alarms from up to 30 meters away, using a device that costs around $250 to create a replay attack.

SimpliSafe has two main components, a keypad and a base station, that communicate with each using radio signals. The base station also listens for incoming signals from a variety of sensors.

Zonenberg found that the confirmation signal sent by the keypad to the base station when the correct PIN is entered can be sniffed and then later played back to disarm the system. Recovering the actual PIN is not necessary, since the "PIN entered" packet can be replayed as a whole.

This is possible because there is no cryptographic authentication between the keypad and the base station.

To pull off the attack, Zonenberg bought a SimpliSafe key pad and base station and then soldered a generic microcontroller board to them. With a few hundred lines of C code the gadget can listen for incoming 433 MHz radio traffic and capture "PIN entered" packets from other SimpliSafe key pads located within 100 feet.

When the owner of a real SimpliSafe system enters the correct PIN, a device like Zonenberg's that's hidden in its vicinity will capture the confirmation packet and will store it in memory. The attacker can use the device to resend the packet to the base station at a later time, for example when the home owner is away. This will disarm the alarm.

Fixing the problem would require SimpliSafe to add authentication and encryption to the system's communications protocol, so that base stations will only accept signals from authorized key pads.

Unfortunately such changes can't be made to existing SimpliSafe systems, because the microcontrollers they use cannot be reprogrammed, Zonenberg said in a blog post Wednesday. "This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."

According to Zonenberg, the attack is inexpensive and can be implemented even by low-level attackers, especially if they pay someone else to build the sniffing device for them. To make matters worse, the manufacturer provides "Protected by SimpliSafe" warning signs that users can display on their windows or in their yards, inadvertently marking their homes as potential targets.

SimpliSafe did not immediately respond to a request for comment.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?