comments

Home security systems vulnerable to hackers, cyberattacks

By Troy Wolverton
San Jose Mercury News
NORWOOD_0625_03
John D. Simmons - JOHN D. SIMMONS - jsimmons@charl
This is a home security camera with the receiver "brains" of the operation plugged into the wall in the background. A smart phone, IPad, or laptop can be used to access your home security system which includes locking doors, viewing security cameras, lighting and air conditioning. John D. Simmons - jsimmons@charlotteobserver.com

You probably knew that hackers could break into your email account and the NSA can listen in on your calls. But did you know that your home security system may be vulnerable to a cyberattack also?

Hackers can easily compromise the signals being sent by wireless sensors in newer security systems, potentially preventing those systems from alerting homeowners when someone has broken into their house, according to new research. Meanwhile, Google’s DropCam Web cam, which has become popular as a low-cost security monitoring system for consumers, is at risk of being used to monitor its owners, according to separate research.

Both research findings will be presented in Las Vegas in August at the twin security conferences: Black Hat and Def Con.

Logan Lamb, a researcher at the Department of Energy’s Oak Ridge National Laboratory, will present his findings about the vulnerabilities of home security systems at Black Hat.

Many of the latest home security systems rely on wireless sensors to detect when doors or windows are opened or when someone is moving inside a house. Security companies have been switching over to wireless sensors, because they are far cheaper to install; instead of having to run wire through the house, installers can simply affix them to a window or a door.

But Lamb found that the signal the sensors transmit to the alarm panel are typically unencrypted, meaning that they can be easily intercepted and spoofed. He has demonstrated that hackers could monitor the movements of people in and out of the house, jam sensor signals that might warn of a break-in or set off false alarms, using nothing more than an inexpensive, off-the-shelf radio connected to a laptop computer. He’s been able to compromise systems from popular security companies including both ADT and Vivint.

“The idea of covering a home with more security sensors does not translate into a more secure home,” Lamb told Forbes.

Meanwhile, Patrick Wardle and Colby Moore, who are researchers at security firm Synack, will present their findings about DropCam at Def Con. Wardle and Moore found that a DropCam system can be compromised by someone who has physical access to the device.

When a DropCam is booting up, it can be put into a mode that would allow someone to install malicious software. The software could be used to intercept video feeds coming from the camera or to replace the live video sent to the owners with another video stream.

In interviews with Forbes, both the security companies and DropCam played down the significance of the security flaws. But the vulnerabilities are further proof that in the digital world nothing – even those intended to enhance security – are absolutely secure.

Hide Comments

This affects comments on all stories.

Cancel OK

The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.

Have a news tip? You can send it to a local news editor; email local@charlotteobserver.com to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.

  Read more



Hide Comments

This affects comments on all stories.

Cancel OK

The Charlotte Observer welcomes your comments on news of the day. The more voices engaged in conversation, the better for us all, but do keep it civil. Please refrain from profanity, obscenity, spam, name-calling or attacking others for their views.

Have a news tip? You can send it to a local news editor; email local@charlotteobserver.com to send us your tip - or - consider joining the Public Insight Network and become a source for The Charlotte Observer.

  Read more


Quick Job Search
Salary Databases
Your 2 Cents
Share your opinion with our Partners
Learn More

CharlotteObserver.com