DIY Home Security Systems Vulnerable to Hacking
Consumer Reports shared its findings with all five manufacturers and asked each if they would update their systems to prevent interference. Only Eufy has explicitly stated that it will fix the jamming issue (the company plans to release a software update in early April). Cove said it was considering moving to encrypted sensors for a future version of its system and was “monitoring whether the cost and complexity was justified by the threat on the ground.” Ring said it has “implemented safeguards in our Ring Alarm system to help resolve wireless signal jamming, and we will continue to invent ways to help protect our customers,” but didn’t elaborate further.
SimpliSafe responded that it is continually refining its jamming detection algorithm and releasing “security updates to protect our system against jamming vulnerabilities.” Abode pointed out that it offers jam detection as a standard feature, but didn’t address the jamming itself.
Manufacturers that don’t currently offer jamming detection were mixed as to whether they would add it. Cove said it plans to add jam detection to its system next year, but likely as an optional feature. Eufy said it won’t add the feature to its system. Ring wouldn’t directly answer our question about whether it will add this feature to its system.
There may be a reason for their reluctance. “Jamming detection can create false positive alerts due to interference from other wireless devices, which could be why some brands chose not to implement the feature,” says Garcia.
In addition to the jamming vulnerabilities, Abode and Cove had a handful of small, low-risk security issues that we found, which they fixed.
Bruce Ehlers, vice president of product development and engineering at Cove, adds that the home security industry doesn’t view these types of attacks as a huge problem, with millions of such systems in American homes. today. The deterrent value of an affordable home security system is market-proven, and “the industry has not seen significant real-world intrusions due to replay or jamming attacks,” says Ehlers.
Glenn Gomes-Casseres, vice president of product and design at SimpliSafe, points out that these attacks are difficult to pull off in the first place.
“To block a device would require running a very nuanced protocol perfectly with devices specifically tuned and configured for that purpose,” says Gomes-Casseres. “And even if successful, with SimpliSafe’s built-in detection, customers are alerted and cameras are queued to record and capture evidence of jamming attempts.”