Black Hat: Researchers explain how to disable home security systems

Share this article:
The gear that two researchers used to bypass home security systems.
The gear that two researchers used to bypass home security systems.

Two physical security experts demonstrated on Wednesday how they can disable a home or office's security system within minutes by using easy-to-acquire, cost-effective and often basic equipment.

Speaking at Black Hat 2013 in Las Vegas, Drew Porter and Stephen Smith, two senior security researchers at Phoenix-based security consultancy Bishop Fox, explained how it doesn't take much work.

The pair said there are some 36 million home- or office-installed security systems in America. Many of them consist of three basic components: door and window sensors, motion sensors and keypads.

Disabling the first two are fairly easy. Window sensors, depending on how they are constructed, can be undone by magnets or sheet metal. Motion sensors can be turned off, they discovered and demonstrated in a video, by a piece of cardboard or the light from a cigarette lighter. (The researchers attempted to showcase the exploits on stage, but encountered technical difficulties).

The harder piece to immobilize is the keypad. And it's also the most important.

"That's where everything connects to, and it reports out," Porter told the audience of several hundred. 

Key pads, which call out to police if there is a security breach, rely on different data connections to place the alert: usually landline and cellular.

To bypass the pads, the researchers relied on software-defined radio systems – USRP or the cheaper bladeRF (it runs a few hundred dollars) – which essentially jams the signal by sending commands that asks the key pad to latch on to a rogue cell phone network.

"You overpower the system," Porter said. "We pretend to be AT&T, and these devices jump right on it."

That prevents the key pad from calling out to the cops over a cell network. To prevent it from using the landline connection, attackers would need physical access.

The researchers said they are amicably working with affected vendors, whom they would not name. But many other manufacturers that they didn't test are likely susceptible, they said.

"They probably want to look into them, maybe update them," Smith said.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.