Today, wireless intrusion systems and IoT (Internet of Things) are tied together so that what affects the one is almost sure to influence the other. This fact came to light in 2014 when Hewlett Packard Enterprise (HPE) conducted a study that revealed that 70% of IoT devices are vulnerable to attack. The concern then, as now, involves the fact that the majority of today’s intrusion systems are Internet connected.
A second HPE study, conducted in 2015, revealed even more perplexing news on the security of security: “The simplicity and convenience of home security systems is unquestionable, especially with their remote monitoring capabilities. But do these smart security devices actually make our homes safer or put them more at risk by providing easier electronic access via an (insecure) IoT device?”
In other words, by ignoring the little things, we jeopardize the bigger ones. This same concern also applies to commercial systems, although to a lesser degree. Just ahead, we’ll explore this and other wireless security matters such as encryption, provide practical ideas on how security professionals can minimize inherent risks and see what some manufacturers are doing to mitigate these issues.
Protecting Traditional Wireless Connection
Several years ago a story hit the news where two computer code-savvy IT professionals were able to hack a popular brand of alarm panel, disarming the system by recording and retransmitting the various radio frequency (RF) signals to the alarm system. Of special concern was the user keyfobs that arm and disarm the system. The issue also centered on the use of an unencrypted RF technology.
“Two researchers say that top-selling home alarm setups can be easily subverted to either suppress the alarms or create multiple false alarms that would render them unreliable. False alarms could be set off using a simple tool from up to 250 yards away, though disabling the alarm would require closer proximity of about 10 feet from the home,” wrote Kim Zetter in the July 2014 WIRED article, “How Thieves Can Hack and Disable Your Home Alarm System.”
The first part of this issue, which involves unencrypted radio signals, has been addressed by several security system manufacturers since this story hit the Internet in 2014. One method is to change the keyfob arm/disarm code each time it’s used, something that garage door radio control manufacturers have been doing for some time.
“Bosch control panels support multiple wireless platforms, including Bosch RADION, as well as Inovonics Echo-Stream. RADION utilizes synchronized encryption for keyfob communications, which provides increased immunity to replay attacks for more reliable system security,” says Tom Mechler, application design manager with Bosch of Fairport, N.Y.
Although there is no perfect security system, signal encryption at this level helps assure the bad guys will fail at the task of signal interception. New security companies as well as experienced professionals searching for something a step above the traditional should look for systems that provide secure signal transmission centering on encrypted data.
“In addition to encrypting the transmission, the system and keyfob also maintain synchronization. Every time a keyfob button is pressed, it increments the code. Similar to traditional rolling code schemes, it uses an incremented code for its next transmission. The receiver knows to look for this incremented code and will not accept messages that do not match. This thwarts attempts to record and replay the transmission. By combining synchronization and encryption, the Bosch RADION platform provides reliable, secure system operation,” says Mechler.
The second method of dealing with vulnerable radio signals is to use spread spectrum technology. In this case, radio transmitters basically transmit data over multiple frequencies in such a manner that interception is extremely difficult if not impossible. The other part of the spread spectrum solution is it effectively stops high-tech criminals who attempt to jam the wireless receiver by sending out a radio signal on the same frequency the system uses.
“DMP’s 900MHz two-way wireless technology has proven very solid and reliable, because of its frequency-hopping spread spectrum technology and acknowledgement for every message, it’s difficult to intercept or tamper with,” says Mark Hillenburg, executive director of marketing with DMP of Springfield, Mo. “The wireless communication is hopping randomly over 53 channels every 32 milliseconds, based on a unique code that changes for each system. Any interference or collision in a single fragment of a message results in a retry of that message fragment on another channel. This has met the most stringent UL anti-jamming requirements, and has proven completely reliable gaining UL commercial fire listings and widespread adoption among discerning dealers.”
The takeaway from this is to do your homework and select a wireless alarm system that clearly makes use of rolling codes, encryption or spread spectrum technologies.
Unprotected Network Communications
The industry in general is seeing more and more use of 802.11 (Wi-Fi) when it comes to residential IoT. It’s important for technically progressive security dealers to make absolutely sure the IoT devices they enroll in their wireless security systems use an encrypted form of Wi-Fi simply because an open connection becomes the weakest link in the security chain. Most of the systems that currently use unencrypted Wi-Fi appear to be consumer grade on the DIY (do-it-yourself) side.