A potential intruder would need to leave the device within 100 feet of your home's keypad, then basically press record and wait for you to disarm the system with your code.At that point, they'd have a record of the data packet that gets transmitted whenever you punch your code in. The packet doesn't tell them what the code actually is, but that doesn't matter -- all they'd need to do is use the device to resend the packet in order to disarm your system.
IOActive's researchers built and tested the device in August of 2015. After confirming that it worked, they say that they attempted to share their findings with SimpliSafe on multiple occasions, but received no reply. more