Researchers show ways to bypass home and office security systems

Many door sensors, motion detectors and security keypads can be bypassed using simple techniques, researchers from Bishop Fox said

Many door and window sensors, motion detectors and keypads that are part of security systems used in millions of homes and businesses can be bypassed by using relatively simple techniques, according to researchers from security consultancy firm Bishop Fox.

The researchers presented some of the bypass methods they discovered in a talk at the Black Hat USA security conference in Las Vegas on Wednesday, but declined to name any vendors whose products are affected.

"We started looking at security sensors, going from the outside in, and we found a few implementation issues that we can take advantage of," said Drew Porter, a senior security analyst at Bishop Fox.

For example, many door sensors rely on magnetic fields to work and if you hit them with a high enough magnetic field, they trip, Porter said. Window sensors are vulnerable to the same issue, he said.

These sensors have a basic design so bypassing them is not hard, but that wouldn't get intruders very far. The next thing they would need to do is move around the building without setting off motion detectors.

Most motion detectors, even newer ones, use infrared to detect significant changes in the surrounding room's temperature, Porter said. Normally, walking around in a room would set off these sensors, but using something as simple as a piece of styrofoam to shield your body can trick them, he said.

However, since walking around with a large piece of styrofoam can raise suspicion, the Bishop Fox security consultants who frequently assess physical security systems for clients, looked for other ways to bypass these sensors.

They found a few families of motion detectors that can be reset by pointing a source of light of a certain wavelength -- infrared or near infrared -- at them. This blinds the sensors for as long as the light source is pointed at them plus an additional three seconds, Porter said.

The motion detection sensors of this type are deployed quite often as part of different security systems, the researcher said.

Moving forward from the motion detector sensors, the researchers analyzed the keypad systems that send out calls to reporting centers if the alarm is tripped.

These keypads can use cellular networks or landlines to communicate, Porter said.

Many keypads are using old cellular technology and can be easily fooled by setting up a rogue base station -- a small cell tower -- the researcher said. The keypads will then connect to the attacker-controlled base station instead of the real cellular network, meaning that even if they send out an alert, it wouldn't reach its intended destination, he said.

Once you have the keypad's modem connected to the base station it is also possible to send commands that can temporarily disable existing sensors, change how they react or disable the alarm sound, Porter said. "If the alarm goes off, there is the ability to disable it remotely."

Older keypads that still use landlines would set off the alarm if the line is cut to prevent communication with the reporting center, Porter said. However, it turns out that in order to monitor the link they check for a specific voltage. So if the attacker can tap the line and supply that voltage, he can cut it without setting off the alarm, he said.

At least a third of old security systems and probably a quarter of the newer ones can have all of their components -- door locks, motion detectors and keypads -- bypassed, Porter said, noting that this is a very rough estimation based on his knowledge of what technologies are currently being used and keeping in mind that physical security systems have a high turnaround. A five-year turnaround in the world of physical security would actually be considered quick, he said.

The Bishop Fox researchers provided recommendations about what owners of such devices can do to mitigate some of the attacks and are also working with the affected vendors to address these problems.

Porter believes that ultimately, the task and cost of upgrading these systems will likely fall with the users.

"I don't really see many vendors going and replacing these units," he said. They'll have to build different units that will have to function differently and some of the required changes will be significant, he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Bishop Foxsecurityblack hatphysical security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?