When investing in a home security system, many homeowners often select the wireless design over the hardwired. There are many reasons for this, but the most notable one involves the installation process. Hardwired systems require an intensive, drawn out installation process, which can be even more difficult for someone that is not tech savvy. The wireless system requires an installation process that can be completed in a matter of 30-60 minutes or less, in most cases. Below, you will discover more information about the insecurities revolving around the SimpliSafe security system.
The SimpliSafe system costs anywhere from $260-300, depending on the type of package you choose. This is a wireless system that is integrated with Wi-Fi and cellular technology, so it can communicate with your mobile phone and other wireless devices. The system comes with 4 door/window sensors, wireless keypad, remote, and base station. You can place the sensors up to 500’ away from the base and still remain within the wireless range.
The monthly monitoring fee is $14.99, which provides the homeowner with 24/7, 365-day a year monitoring. Of course, you can run the system, without subscribing to a monitoring package, but you will not receive alerts via your app enabled device, when a sensor is triggered. You will also be able to watch a live stream video of your property at any time, plus you will receive an audible alert, which emits from the base station.
SimpliSafe has released sales data regarding this device and it appears that this system is now installed in more than 200,000 homes within the United States alone. An IOActive researcher, Andrew Zoneberg has recently done on the SimpliSafe security system, just to test its security level. During this research project, Zoneberg discovered a rumor that the motion detectors can actually be disabled up to 98’ away.
This discovery will definitely make those that have invested in this system very concerned. Well, to prove that the rumor was legitimate, Zoneberg purchased a SimpliSafe security system. The wireless keypad and base station are the two major components of this system, which communicate with each other using 433 MHz radio frequencies. The base is also responsible for monitoring for incoming alerts from the surrounding motion sensors.
To complete the process, you actually do not have to recover the PIN, since the “PIN entered” packet can be replayed to its entirety. It appears that the signal being sent from the wireless keypad directly to the base can be detected very easily. By replaying it back, you can easily disarm the system, as long as you know the correct PIN.
Of course, Zoneberg being skilled in the security research world was able to create a micro-controller board, which he attached to the base station and wireless keypad with solder. This really does not take a genius to pull off, just someone that is dedicated in trying to hack into a specific security system.
The key to being able to disarm the SimpliSafe system is that it contains no encryption and authentication between the base and wireless keypad. This leaves an open loop hole that offers hackers the opportunity to alter the system’s settings, disarm the sensors, and break into your home, within a matter of hours.
For those of you that have invested in this wireless security system, you may have more questions regarding SimpliSafe’s intake on this very important matter. The question remains, will SimpliSafe admit to their failure of integrating encrypted authentication in the base or will they totally deny this proven fact? Well, everyone will need to sit back and wait to see what happens next. Of course, this would mean that Simplisafe would have to upgrade and replace every base station and wireless keypad sold to all consumers. This would be a major undertaking that could potentially run into millions of dollars to correct.
Zonenberg seems to think that the loop hole can be repaired with an upgrade to the base station, so it will only be able to accept radio frequencies from authorized wireless keypads. If you own one of these systems, you should definitely start investigating this major issue that was brought about, by no other than SimpliSafe, itself.