Every connected device multiplies the vulnerability of a network. The recent explosion in IoT devices in modern homes has created a treasure trove for hackers. With so many unsecured devices, which are all potential gateways – it is easier than ever for hackers to make their way into home networks. Even your home alarm system, designed to keep physical intruders at bay, may actually be a means for virtual intruders to steal sensitive and personal information.
The safest solution is to keep home security systems off the network
When it comes to home security systems, they’re not as secure as we think they are. In fact, they could potentially be putting us at risk. What’s surprising though, is that even our devices that are not connected to the internet – such as classic, non-digitised, 1993 kind of security systems – could pose a treacherous security threat. Although, still currently the safer option.
According to security researchers, even the best-selling home alarm systems could be easily undermined to either suppress the alarms or to generate several false alarms which would make them unreliable. This is because hackers could trigger a false alarm with a simple tool from a distance of up to 300 metres. Again, deactivation is possible from a similar distance. It doesn’t matter where the alarm was manufactured. This is based on the fact that most radio alarm systems are based on high-frequency signals sent between door and window sensors to a control system which triggers an alarm when one of these entries is breached.
Regardless of whether the alarm is activated or not, the signals can still be triggered each time a marked window or door is open. But when this option is activated, the system triggers the alarm and also sends a silent alarm to the monitoring company, which contacts the residents or the police. Many systems cannot encrypt or authenticate the signals sent by the sensors to the control panels, which makes it easy for anyone to intercept data, decrypt the commands, and return them to the control panels arbitrarily.
Connectivity means vulnerability
Whilst alarms not connected to the network are not completely safe – it gets worse. For consumers and businesses opting to choose a security system that does connect to the network – they risk being less secure than before even purchasing a security system.
Systems connected to IoT contain more security errors than we would realise. Think about it. Security systems that connect back to our mobile devices through the internet or the cloud may offer motion detectors, video cameras with recording functions and door and window sensors. But what they don’t offer – is the assurance that the only person watching these videos is the homeowner themselves.
Such home security systems are connected to a mobile device or the Internet through the cloud and have a multitude of functions such as motion detectors, door and window sensors, and video cameras with recording functions. Although the aim of these systems is to offer security to a homeowner, due to the vulnerabilities, the owner of the home security system is possibly not the only one monitoring the home.
Hackers have the capability to hack into an IoT smart home system. Once connected to your home system, the hacker can connect to your network. This gives the hacker access to any device associated with that network – be it your broadband, smart phone, smart heating system or computer. All this data connected to the network is then in the hands of the hacker – and data is one of our most valuable assets.
As with all cybersecurity issues, so long as a vulnerability exists, a hacker will be there to exploit it. The fact of the matter is that connected home security systems are not as secure as they should be – and hackers know this. The industry needs to make more secure systems available in order to patch the current vulnerabilities. As hardwire security systems are still the most secure, it is clear that we still have quite a way to go before truly secure smart home security products are available.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.