Are wireless home systems vulnerable?

 - 
07/30/2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, sketched a funny, dystopian picture of the connected home in revolt, commandeered by wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk movies, these lonesome code junkies are intent on doing everything from dousing homes with sprinkler systems to invading your privacy through in-home network cameras .

The piece, titled “The Nightmare on Connected Home Street,” is supposed to seem nearly implausible. The narrator is jarred awake at four a.m. by the pulse of dub step music exploding from his connected pillow. The piece ends, a few hours later, with the bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, of course, but the piece is thought-provoking and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on vulnerabilities that have nothing to do with IP devices. This time, the article dealt with security concerns related to wireless home alarms, which, according to a pair of researchers cited in the article, could be compromised—the alarms either being suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems among a number of brands.

The issue apparently has to do with radio frequency signals. While the conversation is understandable enough for a layman, it can drift into the arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels," the report said, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

A vulnerability is a vulnerability, and certainly no security company wants there to be any possibility of a system being hacked. But it should probably be mentioned that while these techniques may come across as elementary to the reading community of Wired Magazine, these methods would probably be, for your run-of-the-mill burglar, well above the norm from a sophistication standpoint.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference scheduled next week in Las Vegas. For my part, I’ll be eager to hear more about their findings and to see what kind of impact the research could have.