Alarm insecurity - jamming, replaying and brute-forcing on the Yale HSA6400

I'm unsurprised you won't answer the questions.
What is your question?

Mine is
How often do you estimate that an ordinary domestic house, in an ordinary residential street, is burgled by a skilled person using a jamming or spoofing device to defeat a wireless alarm? Or by the coincidence of some other transmitter jamming the signal at the very instant that he jemmies open the door and later walks past each PIR?

And how often do you estimate that an ordinary domestic house, in an ordinary residential street, is burgled by a numbskull kicking open a door or climbing through a window and snatching car keys, handbag, cash and running off, alarm or not?
 
I can't see any numbers.

my estimate (rounded)
a) Approximately none
b) Approximately lots and lots.

Do you disagree?

What's your question?
 
John has a history of dogmatically defending wireless alarms that use one way communication. He does this based on his experience that the one alarm he has experience of has not failed. An alarm fails when it does NOT go to alarm during a break in at the property it is protecting. (Maybe he has had experience of more than one alarm system and maybe they have all proven themselves to be reliable by going to alarm every time there was a break in.)

Way back in May 2013 he was defending Yale alarms and I detailed the failure of a telemetry link due to interference from high levels of near continuous 433.92 MHz modulated with digitalised audio.

I was asked to look into why the telemetry was failing with very high error rates. An off air monitor found what appeared to be digitised audio on 433.92 MHz.

The telemetry link sends a packet with a check sum. The packet has to be acknowledged, if there is any error which the receiving end cannot correct then the acknowledgement indicates the error and the package is re-transmitted. As you know a Yale system that is one way could not do that and corrupted packets ( alarm messages ) would be lost. Alarms using two way comms would continue to send alarm messages until one was received and acknowledged by the panel.


Since then some other legal users of 433.92 MHz reported problems in the same geographical area. Their systems were robust (two way, each message acknowledged) and could cope with sustained interference but only with delays until the channel was clear enough to get data transferred free of errors.

The granting of type approval to equipment for use on licence exempt frequencies is not dependent on the equipment's communications protocols being robust enough to operate while subject to prolonged interference but it is strongly recommended that such a protocol is used. It requires two way communication to achieve a robust protocol.
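The contrast drawn in the post above between a one-way link and an acknowledged two-way link, as an added sketch that is not part of the thread and not any vendor's protocol. The CRC-32 framing, the slot-based interference model, the three fixed repeats and the `ZONE1:OPEN` payload are all assumptions made for illustration.

```python
import zlib

def frame(payload: bytes) -> bytes:
    """Append a CRC-32 checksum so the receiver can detect corruption."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def check(pkt: bytes):
    """Return the payload if the checksum matches, otherwise None."""
    body, crc = pkt[:-4], pkt[-4:]
    return body if zlib.crc32(body).to_bytes(4, "big") == crc else None

def channel(pkt: bytes, busy: bool) -> bytes:
    """Assumed interference model: a busy slot corrupts the first byte."""
    return bytes([pkt[0] ^ 0x5A]) + pkt[1:] if busy else pkt

def busy_at(slots, i):
    """Slots past the end of the list are treated as clear."""
    return i < len(slots) and slots[i]

def one_way(payload, slots, repeats=3):
    """Sensor sends a fixed number of copies and never learns the outcome."""
    for slot in range(repeats):
        if check(channel(frame(payload), busy_at(slots, slot))) is not None:
            return slot              # panel accepted this copy
    return None                      # every copy corrupted: message lost

def two_way(payload, slots, max_slots=1000):
    """Sensor resends until a valid ACK returns; data and ACK use alternate slots."""
    for slot in range(0, max_slots, 2):
        if check(channel(frame(payload), busy_at(slots, slot))) is None:
            continue                 # bad checksum at the panel, no ACK, retry
        ack = channel(frame(b"ACK"), busy_at(slots, slot + 1))
        if check(ack) == b"ACK":
            return slot + 1          # sensor has confirmation, possibly late
    return None

ALARM = b"ZONE1:OPEN"                # constructed payload, not a real alarm frame
CLEAR = [False] * 5
SUSTAINED = [True] * 20 + [False] * 5    # 20 busy slots, then the channel clears

if __name__ == "__main__":
    for name, slots in (("clear", CLEAR), ("sustained", SUSTAINED)):
        print(name, "one-way:", one_way(ALARM, slots), "two-way:", two_way(ALARM, slots))
```

On the clear channel both links deliver at once; under the sustained pattern the one-way sender exhausts its repeats and the message is lost, while the acknowledged sender is confirmed only after the channel clears.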
 
in fact

John has a history of defending inexpensive DIY alarms when they suffer vague and unquantified smears about hypothetical attacks that bear almost no relation to real life.

Bernard likes to scour technical journals for examples which he likes to think might have some distant relationship to what happens in ordinary domestic houses in ordinary residential streets.


It's possible that there is somebody, somewhere, who claims that a budget DIY tool works to the same standards as an expensive professional one. However I have never met this person.
 
It's possible that there is somebody, somewhere, who claims that a budget DIY tool works to the same standards as an expensive professional one. However I have never met this person.


It's possible that there is somebody, somewhere, who claims that a budget DIY alarm system works to the same standards as an expensive professional one.

I haven't met him but I have read a lot of his very many posts
 
Well fancy that.

I've always said that if you can afford more, you can buy better.



I recognise there are people who have a more limited budget, so there is no point in trying to talk them into spending more than they can afford. I have at times been in that position myself.

Perhaps the concept of the limited resource is hard to grasp.
 
So all the more expensive alarms with things like 2-way RF, encryption, frequency hopping, active detector polling - all a scam?

So, put your money where your keyboard is. This is the £29 Ciseco ARF transceiver mentioned in your blog post...

Please give me one example of a burglar caught with one of these boards on their person. Just one please. That's all, then we can justifiably be worried about this new tech crime. Just one example...
 
I recognise there are people who have a more limited budget, so there is no point in trying to talk them into spending more than they can afford. I have at times been in that position myself.

The main complaint is that when people are buying the best they can afford they are often told things by the marketing people that create in the buyer a false confidence in the ability of that low cost item to perform as well as a more expensive item.
 
Please give me one example of a burglar caught with one of these boards on their person. Just one please. That's all, then we can justifiably be worried about this new tech crime. Just one example...

That particular board requires support circuitry to be added, unlikely that a low grade criminal would be able to do that. Instead they will buy something like this



Product name: 433.92MHz remote control jammer blocker Car Garage Jammer NT-JM1A
 
That particular board requires support circuitry to be added
Exactly! You've hit the nail on the head with a whopping great sledge hammer. It's a breakout board. That is the main argument of this thread and the reason for my rebuke of the original post. Yet the ARF is what Mr Gibbons is asking us to believe that [stupid] is going to use against your gran's wireless alarm. His article gives details of how to use the Python programming language and a Linux based laptop with directional antennas to confuse the error correction code of wireless packets. Perhaps the burglar will perform this cyber crime after enjoying his £7.50 mocca chocca breakfast coffee, before taking up his day job at a financial trading floor in the City of London. A kind of Pierce Brosnan / Thomas Crown kinda guy. Sexy.

You can see here the blog writer running Python script RFJammer.py as root...




Just one example of a burglar with one of your ARFs please...
 
Paul, there are often several ways to crack a nut, as you know. Ultimately, however CG has approached the task, it can be replicated using a hand held gadget for less than £50 and no brain cells.
 
Yet the ARF is what Mr Gibbons is asking us to believe that [stupid] is going to use against your gran's wireless alarm.
You have misread his intent. Cybergibbons was pointing out that even the most sophisticated alarm system that uses wireless for critical communications can be defeated. Yes it will take a lot of expertise and (expensive) equipment but it is possible. He was not in any way suggesting that the average burglar would use (or even have access to) the type of equipment needed to hack a sophisticated system.

You asked for instances of domestic alarms being affected by jamming

Houses on a new build estate were fitted with alarms and a Park and Ride was set up next to the estate. There was a spate of thefts from vehicles in the Park and Ride, no signs of forced entry to the vehicles. About the same time there was an increase in the number of day time false alarms in the nearby houses. Off air monitoring in the Park and Ride showed that jammers were being used. Obviously this was to prevent remote locking of vehicles. Several suspects were arrested. It was made known that the Park and Ride would be monitored for key fob jammers and thefts from vehicles reduced to almost zero. At the same time false alarms in the estate ceased to be a problem. Co-incidence?
 
