Recently, a similar method was used to perform the same retransmission procedure with a well-known national brand of DIY wireless security systems that, according to the author of the following quote, uses unencrypted Wi-Fi. In this case, an IT expert was able to intercept the unprotected communications of the alarm user’s keyfobs when they disarmed their alarm system.
“IOActive’s Andrew Zonenberg has discovered that these devices all talk to each other via unencrypted Wi-Fi, with the controller pad broadcasting a ‘PIN code’ message to the base station whenever the alarm was turned off,” says Catalin Cimpanu, author of “Researcher Hacks Home Alarm System Just like in the Movies” (Softpedia). “The researcher found that these devices are interchangeable and that they can be moved from system to system. Using this knowledge, he bought a second alarm system and hot-wired a microcontroller board to this second system’s controller pad and base station.”
Although professional security companies are not likely to install DIY wireless systems that use unencrypted 802.11 communication technology, some actually sell it to consumers who want to install it themselves. The incentive, of course, is the RMR (recurring monthly revenue) factor. One such company, which appears to be national in scope, has made significant inroads into most local markets in the United States by widespread advertising. If you’re one of these companies, or you’re looking at the DIY market, be aware that many of these consumer-grade systems may mention “encoding” with regard to wireless signal data, rather than encrypted data. But in fact, encoding and encryption are not the same thing and this is something of which you need to be aware.
Assuring the Internet Connection
A good portion of the HPE 2015 report focused on the connection that alarm control panels and users’ smartphone apps have as well as general data security via the Internet. Not only does this include the issue of encryption quality with regard to the SSL/TLS connection, but also a general lack of authentication and authorization concerning mobile and cloud-based user interfaces. The concern here is access to and the general integrity of critical data and system functionality. In particular, HPE found that half of the wireless security systems they studied exhibited poorly configured and implemented SSL/TLS.
“Not all versions of SSL are the same. Just because it is SSL does not mean it is strong or cannot be broken,” says Michael Gregg, CEO of Superior Solutions Inc. of Houston, a provider of superior IT security services for medium and large corporations. “As an example, the site ssllabs.com/ssltest allows you to check the strength of a site running SSL. Notice how some have failing grades. Is this what you’d want from something called a ‘security system’?”
Since the release of HPE’s critical reports in 2014 and 2015, as well as numerous independent news reports on similar issues, much of the industry has responded by creating new and improved technologies to offset many of the deficiencies cited.
“The industry is finally starting to adopt newer technologies and with the awareness of cybersecurity, dealers are becoming more knowledgeable and asking for more information from their vendors to ensure their customers’ protection. This has caused manufacturers to improve not only their software systems but also their hardware systems,” says Dan Simon, managing partner with Connected Technologies LLC, of Crystal Lake, Ill. “For example, our smartphone app has the same security features as does our browser version, and some of those use the highest grade of SSL/TLS protection, three-field authentication, and lockout features.”
Simon is talking about access and the secure I/O connection to his firm’s Connect One platform, which is a Web-hosted service that allows users to view, control and interact with their security systems via a single Web/cloud-based interface. In addition, Connect One has a workaround for alarm systems that lack a secure communication format.
“In most cases, the connection between the alarm panel and our service is dependent on the designs of the alarm panel. However, we have recently worked to improve that with the addition of our access expander,” says Simon. “The access expander interfaces with the alarm panel locally and the access expander then connects to our cloud. In this way we can better manage the security of the connection. This is one way we have achieved better security in our product and also improved responsiveness.”
As time marches forward, the security industry will continue to work toward better, more secure hardware and software. Until the time when all of the security issues cited in HPE’s two reports are addressed by every manufacturer in the security market, security dealers will have to continue to be vigilant, educate themselves on all the issues and intelligently select the best and most secure equipment for their purposes.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply