SimpliSafe home alarms transmit PIN unlock codes in the clear – ideal for lurking burglars If you've got a SimpliSafe wireless home alarm system, as hundreds of thousands of homes in the US apparently do, then it's time to buy a new alarm system because yours is screwed. SimpliSafe markets itself as a wireless home alarm system that eliminates all those fiddly wires from sensors. Sadly, the engineers behind the …
Yeah but, all properties in America still have locks and bolts on their doors and windows don't they?...not to mention battlefield assault rifles and 9millies...so its still going to be a bit dicky for any burglar to break in irregardless of the bobbins alarm system.....wait a minute what if the FBI had a word in the ear of SimpiSafe?...could've asked them to put a 'backdoor' in the backdoor!...and the front door and the lavvie window and the cat flap....
"[...] radio-based system cost about $250 [...]"
433mhz transmitter/receiver modules for this sort of common radio signalling are only one or two pounds/dollars. Combine them with an Arduino UNO or NANO and you are away. Under $20 I would think.
I have that combination spoofing my Byron door bells and PIR detectors. It rings the door bells dotted round the house with one chime if someone approaches the house. It uses a different chime if they press the door bell.
IE by burglars out burglaring.
Always been sus about wireless burglar alarms.
figured the "I'm still here" beacon signals the sensors would have to send to the main unit would eat batteries.
Never considered the security would be so s**t as well
These are low end systems that would be installed in houses burgled by low end burglars. I doubt the guys robbing houses with these alarms are anywhere near smart enough to do this analysis. If they were, they'd do a similar analysis against higher end systems, and no doubt find weaknesses in them (though hopefully not this bad) and be able to rob a home owned by "lifestyles of the rich and famous" instead of that garish McMansion down the block.
These things auto-configure insofar that adding a sensor only involves setting a send ID or channel - there is usually no attempt to verify a sensor is still active and connected.
All you need to do is enable a jammer near the alarm box and it won't be able to pick up a sensor signal, staying nice and quiet while you empty the place. You could even go for really pissing off the owner by taking away the sensors too.
Alarms (and cameras) and wireless? Just say no.
That's my point, a wired system tends to have wire break detection by default, even the cheap ones are typically set up to break on alarm - still easy to rig if the installer hasn't been creative with multi-wire cable, but that requires physical access first.
The wireless variety is typically set up to work on batteries, and heartbeats don't exactly help there, also because you also get an alarm when a battery fails, and that tires quickly if you have a bunch of them doing this at different times.
Well...caveat emptor. Warnings about simplisafe proprietary systems have been on the Interwebs for quite a while. I'm sure other systems have issues as well, but they have a reputation for a huge advert budget and old tech systems that can't be taken to another monitoring company if you decide to change.
I did a bit of research before getting my system and bought mine outright. Made sure sensors were unique key and only could be added/removed in program mode. Disabled remote arm/disarm. Changed all levels of PINs. Hired a monitoring firm and bought their cell network card for my system from them.
Can it be bypassed? Sure. Time+knowledge will allow entry into most any system.
Simplisafe as a business has a fault. They are only a smidgen of a step above a traditional alarm company, but still act like a legacy alarm company.
Their customer communication SUCKS.
Add to that, they refuse to acknowledge the "Cloud." Things like IFTTT, integration into other devices like NEST, ECHO, etc...
Ask them about it, and a single person who is responsible for marketing and communication will reply with a canned response a hundred times over with the same BS corporate line. Proof is in their user forums about that...
I've been meaning to email their head developer and CEO via linkedin, but have yet to figure out their email aliases... So I haven't been putting much thought into it.
It's the alarm I wanted due to it's sensor options. But hate their lack of internet integration (without a subscription)
There is a well known brand, sold by a number of DIY chains, that has a similar issue. They use off the shelf chips with a finite number of codes and have no jamming or brute force detection at all. Wall down most streets and look for the bright yellow solar powered box.
Wired systems have come a long way. Even basic systems now use either digital monitoring of sensors or a wiring scheme called eol that has two or more resistors. Open circuit the wire, thats a tamper. Short it, that's a tamper too. You need to know the exact two resistors and what contacts they are sat on and even a few mS anomaly on the wiring will wake more sophisticated systems and start all sorts of monitoring.
AFAIK wireless is only considered secure for insurance with encryption on all end points and anti jamming.
Basic code hopping would defeat this issue as the co shouldnt speak to any device it has no knowledge of. OK not perfect but better than nothing at all.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
