All Wireless Security Alarm Systems are not Vulnerable (but most are)

Wired Magazine is back to remind us that most of the security alarm systems installed are easily hacked. In 2014 Wired reported on the vulnerabilities of alarm systems installed by ADT, Vivint, and others, and today it reported on similar vulnerabilities in security alarm systems installed by Xfinity:

Security researchers at Rapid7 have found vulnerabilities in Comcast’s Xfinity Home Security system that would cause it to falsely report that a property’s windows and doors are closed and secured even if they’ve been opened; it could also fail to sense an intruder’s motion.
— Wired Magazine

In response to their reporting, CERT (Computer Emergency Response Teams, sponsored by the US Department of Homeland Security) issued a “Vulnerability Note” echoing this warning.

This is not news. The majority of consumer intrusion alarm manufacturers operate under the assumption that intruders are not going to be knowledgeable or do their homework. And they are largely correct.

Most break-ins are opportunistic and perpetrated by someone looking for the easy way in, and a quick way out. Intrusion Alarm Systems do not need to be sophisticated to address this threat. The wireless vulnerability is just one of many deficiencies of most security alarm systems.

Most of the equipment installed by national alarm companies has been found to be vulnerable. Urban Alarm installs alarm control panels that are not susceptible to these issues.


Basic encryption, standard in any consumer WiFi router, is extremely rare in intrusion alarm systems and is generally implemented only in the most secure DOD-level systems (e.g., those for Sensitive Compartmented Information Facilities, or SCIFs).

I have never heard a major consumer-oriented alarm company mention issues around social engineering, much less have a strategy for mitigating those risks.

Wired cited a Comcast spokesperson responding to today’s article: “Our home security system uses the same advanced, industry-standard technology as the nation’s top home security providers,” the spokesperson said. “The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate.”

Well, yes and no. It is shockingly true that systems sold by most security alarm manufacturers are vulnerable to this same problem. However, there are security alarm systems that are proactive in addressing these issues, and much less vulnerable. Security alarm installers that put security ahead of cost and some “nice to have” features can talk about these trade-offs, and offer options that significantly address these problems.

I recently discussed “high security alarm systems” with a customer who was looking for the absolute state of the art in security. And while most major alarm companies would suggest such systems center around “smart homes” and “internet of things,” the most secure systems are not always the coolest systems (or at least the systems that look cool in an advertisement).

What makes a high security intrusion alarm system? There is a range, from the DIY and mass market systems covered in these Wired articles, to the uber high security systems that are defined by UL standards and are the cornerstone of security for the intelligence and defense agencies.

Most of the systems Urban Alarm installs address the specific wireless vulnerabilities covered in the articles with two-way wireless, wireless jamming detection, higher frequency spread-spectrum technology, and variable time duration supervision. Some customers want the alarm system to sound a warning when interference jams the wireless signal for a moment. Others are less concerned and would prefer an uninterrupted night’s sleep to a false warning from innocuous stray wireless signals.

Characteristics of a high security intrusion alarm system (this technical list is for illustration and scope so I will not get into detailed explanation of each here):

  • High frequency spread-spectrum wireless
  • Two-way wireless with variable timeframe supervision
  • Anti-jamming detection and notification
  • End of line resistors (at the end of line, not in the alarm panel)
  • Multiple communication paths for monitoring signal transmission
  • Aggressive supervision of a security panel’s communication from the central station (e.g., the alarm panel performs a communications test every few minutes and a failure triggers a warning or alarm)
  • Encrypted communication with an alarm monitoring central station
  • IP restricted reporting and/or VPN tunneling to central monitoring station
  • Tamper detection on panels, wires, and other elements of the alarm system
  • Biased (balanced) magnetic reed contact
  • Two-Factor Authorization with Central Station Dispatchers
  • Social Engineering defeat strategies
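
The trade-off described above between warning on momentary interference and sleeping through it, and the panel communications test in the list, both come down to how many missed supervision check-ins a system tolerates before it reacts. The Python example below is added here for illustration and is not code from any alarm product; the interval, the two policies and the check-in log are constructed assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    interval_s: int    # expected seconds between supervision check-ins
    warn_missed: int   # consecutive missed check-ins before a trouble warning
    alarm_missed: int  # consecutive missed check-ins before an alarm

def state_at(checkins, t, policy):
    """Classify a supervised link at time t from its sorted check-in times."""
    i = bisect_right(checkins, t)
    last = checkins[i - 1] if i else 0
    missed = (t - last) // policy.interval_s
    if missed >= policy.alarm_missed:
        return "ALARM"
    if missed >= policy.warn_missed:
        return "WARNING"
    return "OK"

def transitions(checkins, end, policy):
    """Walk the timeline one interval at a time; return (time, new_state) changes."""
    out, prev = [], "OK"
    for t in range(0, end + 1, policy.interval_s):
        cur = state_at(checkins, t, policy)
        if cur != prev:
            out.append((t, cur))
            prev = cur
    return out

# Hypothetical policies: values are illustrative, not any vendor's defaults.
STRICT = Policy(interval_s=60, warn_missed=1, alarm_missed=3)
TOLERANT = Policy(interval_s=60, warn_missed=3, alarm_missed=6)

# Constructed check-in log (seconds): two check-ins lost to brief interference
# at t=300 and t=360, then the link goes silent for good after t=840.
CHECKINS = list(range(0, 241, 60)) + list(range(420, 841, 60))

if __name__ == "__main__":
    for name, pol in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, transitions(CHECKINS, 1320, pol))
```

On this log the strict policy raises a warning during the brief interference and alarms three minutes earlier on the real loss, while the tolerant policy stays quiet through the interference at the cost of that later alarm.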

It is not practical or cost effective to implement all of these strategies in every installation. Threat assessments are a part of designing a good security alarm system. Installing a security system where there is a specific targeted threat may be different than installing one for someone whose primary concern is the most likely scenario: the 99% opportunistic threat.

The security industry needs to do better. The near industry-wide “security through obscurity” model is going to get worse as naive mass market providers try to compete with creative feature innovation coming from Silicon Valley, and manufacturers (the good ones) are pushed beyond their focus on pure security.