Thursday, February 18, 2016

Personal Security Advisory: SimpliSafe Home Security Alarm Vulnerability

Researchers with the Seattle-based security consulting firm IOActive have released an advisory regarding SimpliSafe's wireless home security systems, claiming that the system doesn't adequately protect its transmissions from being recorded and reused...

A potential intruder would need to leave the device within 100 feet of your home's keypad, then basically press record and wait for you to disarm the system with your code.

At that point, they'd have a record of the data packet that gets transmitted whenever you punch your code in. The packet doesn't tell them what the code actually is, but that doesn't matter -- all they'd need to do is use the device to resend the packet in order to disarm your system.

IOActive's researchers built and tested the device in August of 2015. After confirming that it worked, they say that they attempted to share their findings with SimpliSafe on multiple occasions, but received no reply. more