Security Issue

Hello,

So I came across this article today:


This is interesting stuff. in the middle of this article you find another links which bring my questions

and

Did anyone look into this?
Can someone jam the signals and easily bypass the alarm on Smartthings?
Does Smart hub has ability to encrypt the wireless connection?

  1. Yes. But you’re a 100x more likely to experience much less sophisticated service attacks like cutting your power, or Internet cable, or smash-and-grab fast enough to make the alarm useless.

  2. Yes there is encryption with certain vulnerabilities, but newer protocol versions are addressing this. In the meantime, see #1.

2 Likes
  1. I have a backup power and cellular Internet.
    Every alarm system has issue with smash and grab so I have cameras recording for the police to follow up. (better than nothing). My concern is why smart hub doesn’t have the anti-jam functionally. I understand this product is mainly for home automation but it has security feature that needs improvement. Jamming the signals are easy, easier than smash and grab.
  2. well, this is good news. do you have any source that I can get more information?
  1. Anti-jam functionality is a pretty sophisticated feature to expect from an $80 Hub. I’d suggest looking elsewhere if you believe you are at significant risk to jamming. Or, ideally, use a hardwired security system.

  2. Z-Wave and ZigBee both use reasonably strong encryption, but the ZigBee flaw has been publicized and affect ANY ZigBee HA based system (high-end Control 4 correction: not affected):, Hue, Wink, Iris,… It is addressed in ZigBee 3.0 (But I think SmartThings also added “secure rejoin” as a platform update to help reduce the risk). re: ZigBee 3.0 … http://processors.wiki.ti.com/index.php/What’s_New_in_ZigBee_3.0#Enhanced_security_for_Centralized_Networks_.28Networks_with_a_Coordinator.2FTrust_Center.29

Thanks for the info!

1 Like

If you’re talking about smashing the door/window and grabbing stuff and escaping, that’s certainly true. However, if you’re talking about smashing the security system console to avoid the alarm from reaching the monitoring service, that’s a different story.

I’m with FrontPoint and their system works like this. If a door or window or motion alarm is activated with the system armed, it will immediately notify the monitoring station. If it’s me or anyone else that’s authorized, they’ll disarm the system within the appropriate time and no action will be taken by the monitoring service. If however, it’s not an authorized person - even if they smash the security console completely destroying it , no disarm command will be received at the monitoring station and the response calls will go out. So, in a nutshell, an initial alarm signal immediately goes out upon sensor activation. If a second disarm signal is not received, response is notified. The system is cellular based so there’s nothing to cut.

This doesn’t make it’s foolproof and someone who is quick can out-run the response, but there will be a response no matter what happens to the console.

Also, this is why I don’t use SmartThings as part of my security system. It’s missing too much of this functionality and SmartThings just isn’t reliable enough for me.

Slightly off topic but just clarifying a bit.
Please return to your previous discussion :wink:

1 Like

My point about “smash and grab” is that petty burglars can quite likely break into a house with an alarm and have stolen somethings of value before the police will arrive.

I wonder what the statistics are for actual intruder arrests due to monitored alarm systems vs. cases where the system did not help, or cases where the sound of the alarm (as opposed to silent alarm) prevented theft.

Statistically, the risk of being burgled is low. Adding even a “vulnerable” security system reduces that by a non-trivial amount. The incremental value of a “less vulnerable” security system, really helps determine whether it is worth the cost.

I agree.

[quote=“tgauchat, post:7, topic:78889, full:true”] I wonder what the statistics are for actual intruder arrests due to monitored alarm systems vs. cases where the system did not help, or cases where the sound of the alarm (as opposed to silent alarm) prevented theft.
[/quote]

To further that last idea, I’d say that the fact that there’s security system signage outside and on the windows is a big help to avoid a robbery in the first place. I believe I’ve read many articles confirming this.

Agree again.

1 Like

Control4 does not use the ZigBee ha protocol. It uses a proprietary security model and not vulnerable to this type of attack. St is.

2 Likes

Really?

I’m neither a burglar nor a security system installer, but it seems to me smashing a window or taking a crowbar to a door takes far less sophistication, time and effort than reliably jamming any kind of wireless signal.

Do you know of any sources that cite #s of smash and grab home invasions vs. robberies that involved jamming the security system?

Totally agree with @tgauchat, if your situation is such that jamming of your security system is a significant risk, then you probably need a far more comprehensive security solution than that provided by a low-end home automation platform.

1 Like

Don’t tell the FCC!

But you raise an interesting point: If “bad guys” decide to use jammers to block ZigBee or Z-Wave signals from your sensors, then they likely are also jamming 2G, 3G, 4G signals which a cellular-based alarm system would use to inform central monitoring, and they likely would cut your internet cable to remove the physical connection.

I suppose the physical cable cut is the hardest in most situations; but around here, the cable comes down from a telegraph poll and enters through the wall, accessible easily from the street.

1 Like