Simplisafe is a popular wireless alarm system. The company says it protects over 200, 000 homes — and a security expert just showed that anyone with some technical knowledge can remotely disarm it.
With some coding work, he built a receiver that could listen in on that chatter. He couldn't figure out the system's PIN code, but he was able to record the string of code the system broadcasts whenever a correct PIN is entered. By broadcasting it back at the system he could disarm it without even touching it.
And it took just a couple hundred dollars worth of equipment — far less than the potential prize of a successful burglary.
This means a sufficiently sophisticated person could set up a similar receiver within a few hundred feet of a protected home and disable their entire security system. Not a great problem for a security company to have. And because the Simplisafe system resists firmware updates, it can't be easily globally fixed.
Ars Technica reports that a Simplisafe representative downplayed the problem in an email, writing, "This type of attack represents such a small percentage of total break-ins that the FBI does not even keep a count." The rep also said that a burglar would face more obstacles after such an attack to a successful burglary.
For his part, Zonenberg writes that this issue is particularly concerning because "many unsuspecting consumers prominently display window and yards signs promoting their use of this system…essentially self-identifying their home as a viable target for an attacker."
He says he reached out to Simplisafe directly before posting on his blog, but received not response.
We've reach out to Simplisafe representatives and will update if they get back to us.
Here's a video in which Zonenberg explains the hack:
Update: A Simplisafe representative sent us a link to a response posted on the company's website after this article was published. The post argues that Zonenberg's hack was highly unusual and sophisticated and has never been reported in an actual crime. Customers have no reason to be concerned, Simplisafe says, but if they are, there are a number of steps they can take to increase their security, such as reguarly changing their PIN. The company also points out a number of ways its system may be safer than many traditional, wired alarms. You can read their full response here.