Anyone who can locate a SimpliSafe owner can use basic hardware and software, bought for between $50 and $250, to harvest customer PINs and turn alarms off at a distance of up to 200 yards away, said Dr Andrew Zonenberg, senior security consultant at IOActive. SimpliSafe has also installed a one-time programmable chip in its alarm, meaning there's no chance of an over-the-air update. It means there's no patch coming, leaving all owners without a remedy other than to stop using the equipment, Zonenberg said.

Such weaknesses, and more severe ones, have been found across the home and business alarm industry. In a separate FORBES story released today, your reporter found it was easy to hack into an alarm system in San Francisco, all via a browser and armed with easily-guessable passwords. The access, which was attained with permission from the owner, allowed your reporter to unlock doors, turn off alarms and access the CCTV controls of the affected building from more than 5,000 miles away in London, though he didn’t go that far.

An attacker would have to pay at least $250 for their own SimpliSafe system to carry out this attack. But Zonenberg and IOActive head of research Cesar Cerrudo told FORBES an attack of this calibre could be carried out using a software defined radio and related hardware that could be bought for under $50. Just a few hours’ work would be required.

The attacks are not dissimilar to those demonstrated in 2014 against devices from bigger beasts than SimpliSafe. ADT, this week bought for $7 billion, and Vivint were also caught out using unencrypted signals between the sensors and devices used to manage alarms.

SimpliSafe spokesperson Melina Engel told FORBES that it was planning on releasing hardware with over-the-air firmware updates and that customers would be given a discount on those once they were available. She also pointed out that customers are notified every time someone disarms an alarm, so customers should notice when something was amiss even if not checking logs, whilst PINs could be changed from the SimpliSafe smartphone app.

"The security of our systems is our top priority. We’re working to resolve this concern, which also affects other major home security providers. It’s theoretically possible but highly unlikely, and we’re not aware of it being exploited.

"Our system provides customers notifications of their disarm events, so they could catch the criminal in the act. Also customers can change their passcodes anytime locally or remotely via our webapp so if this ever did happen, any passcode data collected [would be] useless in a matter of minutes."