Today, my wireless alarm hacking posts ended up on Hackaday, and I received this comment:
Your average suburban burglar is gonna be way to dumb to figure this stuff out. And if you’ve got millions of dollars worth of art or whatever that might attract a higher class of crook, you’re not gonna scrimp on security eh?
I’ve had more than a few people reply with the same sentiment over the last few months, so I thought I’d reply here rather than in a comment.
Burglars are too dumb
The burglar doesn’t need to be clever. He just needs to buy a device from someone who is clever and immoral. It’s possible to use a CC1110 RF SoC to jam, disarm, and otherwise disable many of these alarms. It wouldn’t need any skill to operate and it wouldn’t cost much.
Burglars won’t bother
This was exactly what people said about keyless ignition and entry on cars. That quickly changed once exploits were available.
Anyone with sense would have a better alarm system
They might have an alarm system that looks better on paper. But they have absolutely no way of actually knowing if the alarm has any exploitable vulnerabilities or not. There is no requirement for alarms to be independently tested. I can confidently say that much more expensive alarms are no better than the Friedland alarm detailed in my posts.
As an aside from this – the higher grade alarms are really only there to satisfy insurance requirements. As long as it the system meets the requirements of the insurers, it shouldn’t matter if there are any vulnerabilities. Unless, of course, it looks like the alarm wasn’t set in the first place…
This doesn’t mean that burglars are exploiting vulnerabilities in wireless alarms. It does mean two things:
- Consumers don’t have the means to tell if an alarm system is secure or not, due to poor standards and lack of third party testing.
- Alarm and signalling manufacturers are happy to sell insecure equipment because of this.