![]() ![]() SimpliSafe spokesperson Melina Engel told FORBES that it was planning on releasing hardware with over-the-air firmware updates and that customers would be given a discount on those once they were available. ADT, this week bought for $7 billion, and Vivint were also caught out using unencrypted signals between the sensors and devices used to manage alarms. The attacks are not dissimilar to those demonstrated in 2014 against devices from bigger beasts than SimpliSafe. Just a few hours’ work would be required. But Zonenburg and IOActive head of research Cesar Cerrudo told FORBES an attack of this calibre could be carried out using a software defined radio and related hardware that could be bought for under $50. ![]() The access, which was attained with permission from the owner, allowed your reporter to unlock doors, turn off alarms and access the CCTV controls of the affected building from more than 5,000 miles away in London, though he didn’t go that far.Īn attacker would have to pay at least $250 for their own SimpliSafe system to carry out this attack. In a separate FORBES story released today, your reporter found it was easy to hack into an alarm system in San Francisco, all via a browser and armed with easily-guessable passwords. Such weaknesses, and more severe ones, have been found across the home and business alarm industry. It means there's no patch coming, leaving all owners without a remedy other than to stop using the equipment, Zonenberg said. SimpliSafe has also installed a one-time programmable chip in its alarm, meaning there's no chance of an over-the-air update. Anyone who can locate a SimpliSafe owner can use basic hardware and software, bought for between $50 and $250, to harvest customer PINs and turn alarms off at a distance of up to 200 yards away, said Dr Andrew Zonenberg, senior security consultant at IOActive. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |