There's a major, unfixable flaw in a security system used in over 200,000 homes

SimpliSafe is a popular wireless alarm system. The company says that it protects over 200,000 homes — and a security expert just showed that anyone with some technical knowledge can remotely disarm it.

Security researcher Andrew Zonenberg posted on his blog that he reverse-engineered the way the SimpliSafe system's parts talk to one another wirelessly.

With some coding work, he built a receiver that could listen in on that chatter. He couldn't figure out the system's PIN code, but he was able to record the string of code the system broadcasts whenever a correct PIN is entered. By broadcasting it back at the system, he could disarm it without even touching it.

And it took just a couple hundred dollars' worth of equipment — far less than the potential prize of a successful burglary.

This means that a sufficiently sophisticated person could set up a similar receiver within a few hundred feet of a protected home and disable the entire security system. Not a great problem for a security company to have. And because the SimpliSafe system resists firmware updates, it can't be easily globally fixed.
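
The weakness described above is a replay: a recorded "correct PIN entered" transmission stays valid when it is sent again. As an added illustration (not SimpliSafe's protocol and not Zonenberg's code), this sketch shows a base-station check that rejects replayed frames using a per-keypad counter and an HMAC; the frame layout, key, device ID and all names are assumptions.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IQ")  # assumed layout: 32-bit device id, 64-bit counter
TAG_LEN = 8                    # truncated HMAC-SHA256 tag (assumed length)

def build_frame(key: bytes, device_id: int, counter: int, command: bytes) -> bytes:
    """Keypad side: header + command, followed by a MAC over both."""
    body = HEADER.pack(device_id, counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class BaseStation:
    """Receiver side: accepts a frame only if it is authentic and fresh."""
    def __init__(self, keys: dict):
        self.keys = keys                              # device id -> shared key
        self.last_counter = {dev: 0 for dev in keys}  # must persist across reboots

    def accept(self, frame: bytes) -> bool:
        if len(frame) < HEADER.size + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        device_id, counter = HEADER.unpack(body[:HEADER.size])
        key = self.keys.get(device_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged, or modified after capture
        if counter <= self.last_counter[device_id]:
            return False  # authentic but already seen: a replay
        self.last_counter[device_id] = counter
        return True

def demo():
    key = bytes(range(32))  # constructed sample key
    station = BaseStation({0x1001: key})
    frame = build_frame(key, 0x1001, 1, b"DISARM")
    first = station.accept(frame)    # genuine keypad transmission
    replay = station.accept(frame)   # same bytes sent again
    bumped = bytearray(frame)
    bumped[4:12] = struct.pack(">Q", 2)  # counter edited without the key
    tampered = station.accept(bytes(bumped))
    fresh = station.accept(build_frame(key, 0x1001, 2, b"DISARM"))
    return first, replay, tampered, fresh

if __name__ == "__main__":
    print(demo())
```

A check like this has to live in the receiver's firmware, which is why a device that cannot take firmware updates cannot be retrofitted with it.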

Ars Technica reports that a SimpliSafe representative downplayed the problem in an email, writing, "This type of attack represents such a small percentage of total break-ins that the FBI does not even keep a count." The rep also said that even after such an attack, a burglar would still face more obstacles to a successful burglary.

For his part, Zonenberg writes that this issue is particularly concerning because "many unsuspecting consumers prominently display window and yards signs promoting their use of this system...essentially self-identifying their home as a viable target for an attacker."

He says that he reached out to SimpliSafe directly before posting on his blog, but received no response. We've reached out to SimpliSafe representatives and will update if they get back to us.

Here's a video in which Zonenberg explains the hack:
