Home security systems vulnerable to hackers, cyberattacks
08/13/2014 10:57 AM
08/13/2014 10:58 AM
You probably knew that hackers could break into your email account and the NSA can listen in on your calls. But did you know that your home security system may be vulnerable to a cyberattack also?
Hackers can easily compromise the signals being sent by wireless sensors in newer security systems, potentially preventing those systems from alerting homeowners when someone has broken into their house, according to new research. Meanwhile, Google’s DropCam Web cam, which has become popular as a low-cost security monitoring system for consumers, is at risk of being used to monitor its owners, according to separate research.
Both research findings will be presented in Las Vegas in August at the twin security conferences: Black Hat and Def Con.
Logan Lamb, a researcher at the Department of Energy’s Oak Ridge National Laboratory, will present his findings about the vulnerabilities of home security systems at Black Hat.
Many of the latest home security systems rely on wireless sensors to detect when doors or windows are opened or when someone is moving inside a house. Security companies have been switching over to wireless sensors, because they are far cheaper to install; instead of having to run wire through the house, installers can simply affix them to a window or a door.
But Lamb found that the signal the sensors transmit to the alarm panel are typically unencrypted, meaning that they can be easily intercepted and spoofed. He has demonstrated that hackers could monitor the movements of people in and out of the house, jam sensor signals that might warn of a break-in or set off false alarms, using nothing more than an inexpensive, off-the-shelf radio connected to a laptop computer. He’s been able to compromise systems from popular security companies including both ADT and Vivint.
“The idea of covering a home with more security sensors does not translate into a more secure home,” Lamb told Forbes.
Meanwhile, Patrick Wardle and Colby Moore, who are researchers at security firm Synack, will present their findings about DropCam at Def Con. Wardle and Moore found that a DropCam system can be compromised by someone who has physical access to the device.
When a DropCam is booting up, it can be put into a mode that would allow someone to install malicious software. The software could be used to intercept video feeds coming from the camera or to replace the live video sent to the owners with another video stream.
In interviews with Forbes, both the security companies and DropCam played down the significance of the security flaws. But the vulnerabilities are further proof that in the digital world nothing – even those intended to enhance security – are absolutely secure.
Join the Discussion
Charlotte Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.