A YouTube video demonstrates how the device can be fooled by a $2 wireless emitter that mimics the frequency of its door and window sensors.
IoT-based home security systems have had their own security issues, but that hasn’t kept consumers from buying them. As their popularity increases, so, it seems, does the number of security flaws found in them.
A YouTuber who goes by “LockPickingLawyer” has shown that the SimpliSafe DIY security system can be easily compromised with a $2 wireless transmitter.
In a video, LockPickingLawyer demonstrated how a cheap wireless transmitter that mimics the frequency of the system’s door and window sensors is able to block the alarm from activating if a door or window is opened. This is accomplished by using the transmitter at the same time as the door or window is opened. He added that if the emitter comes too close to the alarm base, the user will get a notification of wireless interference. The hack is made possible by the system’s reliance on the 433.92 MHz frequency, which is used by a wide variety of other electronics.
When contacted by The Verge, SimpliSafe disputed the YouTuber’s findings:
“The video is misleading, and it doesn’t apply to how security systems work in real life. In this video, the video maker finds a precise frequency, signal strength, and orientation of system components in which they can thread the needle of blocking system communication without triggering an alert.
In real life, this is unlikely. Because signal strength degrades unpredictably depending on distance and landscape, it would be very difficult for anyone to hit on the “right” strength without triggering an alert.”
LockPickingLawyer responded: “SimpliSafe takes issue with the system components being arranged close together during the video. That was a necessity of filmmaking, not a physical limit of the exploit. In my testing, I carried sensors away from the base station to the far reaches of my home, then conducted the same tests with the same device and obtained the same results. If anything, testing at realistic distances showed a more significant problem insofar as the SimpliSafe system was less likely to detect the interference.
SimpliSafe’s other criticism is that someone would need prior knowledge of the system’s arrangement to avoid the detection of interference. The company is attacking a straw man. What is necessary to avoid detection of this exploit was outside the scope of my testing. In fact, my video explicitly notes that SimpliSafe may detect the interference. Detection of interference, however, never triggered an alarm in my testing. It only sent an “alert” that the resident may or may not investigate.”
This is not the first time SimpliSafe has come under fire for a security issue. In 2016, the system was found to be “inherently insecure and vulnerable” after researchers from IOActive were able to infiltrate and disarm the security system and listen in on radio traffic. A Security Sales and Integration contributor and alarm expert also analyzed the system, and the results were grim.