Alarm insecurity - jamming, replaying and brute-forcing on the Yale HSA6400

A surprising number of burglaries happen with the occupier present.

Cash and jewellery are still the biggest by value taken during burglaries.
 
doesn't alter the fact that a semi-literate 14-year-old smack head is not a typical candidate for an alarm jammer.
 
Regardless of the cost versus reward this is only the beginning and why I've avoided wireless devices. Alarms and IOTs are not designed by the 'right' people and when operational, fall into another realm of expertise altogether, thus leaving many devices unsecure and vulnerable to easy attacks.
 
Yes, the wider implication is that these problems can be avoided, at little additional cost. Connect something to the Internet and you don't just need to worry about a burglar.
 
On the positive side of things, CG. If someone has remotely adjusted someone else's central heating and turned it up to maximum and that house gets burgled at the same time by an alarm hacker burglar unaware of the central heating hack, the burglar might die of heat stroke.

*The above can be used in positive marketing spin for a fee.
 
Haha, yes. I think I might get the blame though :)
In absolute reality though, you know there are plenty of people out there right now capable of hacking the simple flaws in heating security for instance and even more clearly visible homeowners out there ripe for the picking.
 
Oh, when I published the Heatmiser issues, I got more than a few reports of people who had previously had their heating altered randomly.
 
It doesn't surprise me at all. What does surprise me is why people are surprised. Technology is fabulous but it can also be fabulously flawed and until manufacturers address this on every product release I'd rather be in control of my own security.
 
I’m very confused with your comments, Cyber. I made my post on the understanding that you worked for Pen Test Partners. Do you not? Your original post says we’ve made a blog post that you then link to: https://www.pentestpartners.com/blog/alarm-systems-alarmingly-insecure-oh-the-irony by Andrew Tierney. You also stated that your company had held a seminar on this topic.

Am I wrong? You clearly haven’t read your own blog, and obviously don’t understand the technical details and images in it. All the technical comments I made relate directly to your blog and the Strasser, Danev and Capkun paper that you link to (just below the reactive bit jamming signal trace). The penetration testing that your company undertakes is extremely technical and the guys get paid a lot. That’s why I alluded to you being a marketeer selling things you don’t fully understand in order to sell through fear. Fear, uncertainty, doubt. FUD. Isn’t the true irony that you’re selling something you don’t understand?

If you understand any of your own blog, I apologise and humbly take all this back with my tail firmly between my legs.

My position remains the same. I think that we should defend against JohnD’s 14 year old smack head with an old screwdriver rather than some James Bond character with a laptop and directional antenna. If I'm wrong, show us police statistics...
 
I think the fact that few residents are known to have collections of diamonds and gold bars may affect the class of criminal we get.

If you secure your house with magnetic anomaly detectors, blast resistant windows and get yourself a Mossberg, you can easily improve the quality of your criminals if you're not happy with them...
 
I haven't got magnetic anomaly detectors.
 
Paul - what are you talking about? I'm trying to work out how I could have written the blog yet not understood any of it. That's nonsensical.

I know I link to the paper. It's the source of the image, that's it. I'm wondering what the relevance is of the rest of its content (which you brought up). I don't refer to it, because it is not relevant.

I asked you to clarify who was marketing to who, as you hadn't made it clear. You admit to this when you use the word "alluded" above. I don't sell alarms.

I really don't understand the harm in publishing this. There are better alarms available for very little extra money. It's not widely known how easy they are to jam, even ones that claim to have jamming protection.
 
I mean, where is your line for a vulnerability being serious?

Encryption totally token? http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/
Backdoor root account? http://cybergibbons.com/alarms-2/backdoor-root-account-on-visonic-powerlink-2-modules/
Backdoor shell access on DVR? http://news.softpedia.com/news/back...lls-to-an-email-address-in-china-500502.shtml

No "14 year old smack head with an old screwdriver" is going to be exploiting these, so don't worry about them?
 
