The so-called 'Smart' Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm.
SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack, allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.
…and the most interesting reality is: You Can Not Patch it!
As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time.
Just last month, a similar hack was discovered in Ring – a Smart doorbell that connects to the user's home WiFi network – that allowed researchers to hack WiFi password of the home user.
How to Hack SimpliSafe Alarms?
According to the senior security consultant at IOActive Andrew Zonenberg, who discovered this weakness, anyone with basic hardware and software, between $50 and $250, can harvest alarm's PIN and turn alarm OFF at a distance of up to 200 yards (30 meters) away.
Since SimpliSafe Alarm uses unencrypted communications over the air, thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages transferred from a keypad to the alarm control box when the house owner deactivates the alarm.
The attacker then records the PIN code on the microcontroller board's memory (RAM) and later replay this PIN code to disable the compromised alarm and carry out burglaries when the owners are out of their homes.
Moreover, the attacker could also send spoofed sensor readings, like the back door closed, in an attempt to fool alarm into thinking no break-in is happening.
Video Demonstration of the Hack
You can watch the video demonstration that shows the hack in work:
"Unfortunately, there's no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening," Zonenberg explains.
Here's Why Your Smart Alarms are Unpatchable
Besides using the unencrypted channel, SimpliSafe also installs a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.
"Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol," Zonenberg adds. But, "this isn't an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable."
This means there is no patch coming to your SimpliSafe Alarm, leaving you as well as over 300,000 homeowners without a solution other than to stop using SimpliSafe alarms and buy another wireless alarm systems.
Zonenberg said he has already contacted Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to this issue. So, he finally reported the issue to US-CERT.