- A researcher at IOActive found that SimpliSafe home security system’a alarm can be disabled remotely without knowing the PIN.
- Communication between system components are not protected allowing to launch a reply attack.
- One needs to be at physical proximity to capture unencrypted signals and replay later.
- This vulnerability cannot be patched by firmware update as Simplisafe uses onetime programmable micro controllers.
- A recent HP IoT study shows that most of top 10 popular home security systems lacks protection against sophisticated attackers.