Attackers can Disable SimpliSafe Alarms Remotely

  • A researcher at IOActive found that SimpliSafe home security system’a alarm can be disabled remotely without knowing the PIN.
  • Communication between system components are not protected allowing to launch a reply attack.
  • One needs to be at physical proximity to capture unencrypted signals and replay later.
  • This vulnerability cannot be patched by firmware update as Simplisafe uses onetime programmable micro controllers.
  • A recent HP IoT study shows that most of top 10 popular home security systems lacks protection against sophisticated attackers.

References

SecurityWeek.com

HP IoT Study

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s