
$20 'Toy' Deactivates Cheap Home Alarms, Opens Doors

Posted by Soulskill
from the don't-come-in-or-i'll-beep-at-you dept.
mask.of.sanity writes "Cheap home alarms, door opening systems and wireless mains switches can be bypassed with low-cost and home-made devices that can replicate their infrared signals. Fixed-code radio frequency systems could be attacked using a $20 'toy', or using basic DIY componentry. Quoting: 'Criminals might be able to capture IR signals if they can get a line of sight to when the system is being armed or disarmed. If a criminal knows what type of alarm system you're using then they could do what we did here and reverse it for cloning a remote. A more likely scenario is just to buy a duplicate system and use that remote. Not all IR remotes can be switched from the same system. It depends on whether a code is being transmitted and how many variations of the code and remote exist. In the system described in this post, there is no code, just a carrier signal. If a code is being transmitted, then the Infrared toy can capture it and replay it. So that's your best bet for a criminal looking at a completely unknown remote.'"

  • by Ferzerp (83619) on Friday September 13, 2013 @08:45AM (#44840061)

    So can many universal remotes, so can a computer, so can anything else.

    This is almost as silly as the "access to an unencrypted disk is access to your data!!!!!" story from a few days ago.

    • by Anonymous Coward on Friday September 13, 2013 @08:54AM (#44840163)

      So can many universal remotes, so can a computer, so can anything else....

      Of course the very first thing the article covers is universal remotes and how they didn't work.
      Perhaps, in the future, you should RTFA before commenting.

      • But he completely omitted the WHY they didn't work.

        • by RoboRay (735839) on Friday September 13, 2013 @11:27AM (#44841519)
          Cheap universal remotes have limited frequency bands and can only manage to capture and send short signals (discrete keys, say, instead of macros).

          Good (and expensive, of course) universal remotes do not have these limits and would work fine.

          The writer erroneously made a definitive statement based on a single data point.
          • Even if it's limited: the article said the alarm system's frequency is identical to the one used by remote controls and only an empty carrier is sent. (so neither keys nor macros)

            • by RoboRay (735839)
              Used by which remote controls? Many cheaper universals can send only on the frequencies that are the most commonly used and cover about 95% of consumer IR devices, but it's not at all rare to find an IR remote-controlled device that operates a little outside those common bands, especially from smaller or newer manufacturers, and those universal remotes won't work with those devices. While a better (and more expensive) universal remote does. I have run into that myself, personally, with some obscure brande
              • "Plugging in values, we get the frequency of 38.52kHz.
                Wait a minute. Don't many infrared receivers use 38kHz as a carrier wave? Yep, they do. But in signals sent by your TV, this carrier wave is sent in a discrete number of pulses with well timed on and off periods. The alarm for this security system just sends the carrier wave on."

                Is that .5kHz deviation large enough to be not recognized by the remote anymore? It can't be the code/pattern as there isn't one

                • by RoboRay (735839)
                  Possibly, but I think the more likely issue is that the remote in question is balking at sending a continuous stream of all zeros.
      • by RoboRay (735839)
        He used the wrong universal remote. Rather than saying "a learning remote doesn't seem to learn the signal" he should have said "the one cheap learning remote with limited capabilities that I tested doesn't seem to learn the signal."

        If you use a capable, programmable remote that can capture very long strings of signals across very wide frequency bands (like my trusty old Pronto TSU-7000), it could work as well (or maybe even better) than that toy.

        Of course, since the toy is a far, far cheaper solutio
    • by Xicor (2738029) on Friday September 13, 2013 @08:54AM (#44840165)
      it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldn't be able to hack a security system with a 20$ toy.
      • How long before there's an "app for that"?

        • by Big Hairy Ian (1155547) on Friday September 13, 2013 @09:25AM (#44840435)
          Had one years ago for my I-Paq which was great fun in banks & airports for changing the settings on the aircon :D

          For the younger readers I-Paq is nothing to do with Apple :)

        • About negative one decade. I was doing this with my Treo 180 and OmniRemote. Worked great for university AC systems where they kept the remotes in a central office.

        • It's not much different from one of those TV-B-Gone remote controls that turn off TVs, except they're programmed to run through all the common TV shutoff codes and he figured out which one he needed for his particular device. (They're basically just a microcontroller, IR LED, battery, and switch.)

          As far as "there's an app for that" goes, most of the TV remote control apps I've seen cost a few dollars, just because they can, and because Apple encourages you to charge money to use their app store.

      • by operagost (62405)
        But this is kind of like hacking a door lock with a crowbar.
        • by Minwee (522556)

          But this is kind of like hacking a door lock with a crowbar.

          It's more like hacking a door lock by twisting it 45 degrees clockwise and then pushing.

      • by Rob the Bold (788862) on Friday September 13, 2013 @09:24AM (#44840427)

        it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldn't be able to hack a security system with a 20$ toy.

        If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance. Most are probably sold as a novelty or to keep roommates out of your stuff, sort of. They say there are also IR door keys that are also hacked similarly, but I don't see examples in TFAs. And I've never seen an IR door key in actual use, not that my experience is definitive.

        • by AmiMoJo (196126) * <mojo@NOspAm.world3.net> on Friday September 13, 2013 @10:00AM (#44840787) Homepage

          If your insurance company asks if you have a security system and you say "yes" because you spent $8 on one, is that fraud?

        • by Xicor (2738029)
          yea but think about all those systems that use apps to control them from anywhere. what happens when someone finds a way to make those unsecure?
        • by Obfuscant (592200)

          If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance.

          This. You don't pay AU$8 for a security system to guard your Picassos or Tang dynasty Chinese vases. You pay AU$8 for a security system that does nothing more than make a noise when an unsuspecting person enters an area. It's not going to stop someone who is determined to steal from you.

          This article is ... on so many levels it is ridiculous.

          • This guy opens the remote and tells us that "you might be able to recognise a circuit that has 4 resistors, 2 capacitors, and 2 transistors". Yes, it would be a circ
      • by cusco (717999)

        Home "security systems" like those installed by ADT and Comcast are not actually meant to be secure, they're just meant to make home owners feel better. Actual security systems (which I work with) are fairly intrusive into one's day to day life and are VERY expensive to install, configure and maintain correctly. Think $5,000-$30,000 to do a basic install with decent quality hardware/software.

        • by Belial6 (794905)
          From the other side, I would say that you are wrong. I have known several burglars, and all of them agree that home security systems are effective. If they see a house has an alarm, they simply move to the next house.

          Home security systems are like door locks. They are useless keeping out someone determined, but are pretty effective at making your house more bother than it is worth for a burglary.

          Home security systems don't need better remotes because most people don't use ir remotes to access their
          • by cusco (717999)

            I'm not surprised by what you say, it sounds reasonable. The signs then are just as effective as actually having the system. Working in the security industry I've recognized a couple of houses in our neighborhood that show security system signs for companies that either don't exist or which only exist in other states.

            Those aren't actually security systems, then. They're deterrent systems.

          • by JWSmythe (446288)

            That's been discussed a lot on here in the past.

            One in particular that I remember was about a laptop locking cable that you could unlock with a pen in just a few seconds.

            If a criminal wants a laptop, and sees 3 sitting around. No one is at them, and he has a few moments of no one looking. One is on a desk with the easily defeated cable. One is on another desk, tied down with a piece of string. The third was just put into a laptop bag, and is on the floor by a chair.

            He won't go for the one with the cable

      • by djrobxx (1095215)

        it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldn't be able to hack a security system with a 20$ toy.

        The article is about hacking an $8 security system! I don't think anybody is going to purchase it thinking it's going to protect them against hackers with sophisticated reverse engineering knowledge.

    • by paskie (539112)

      Indeed. I'm just waiting how long for a firmware for TV-B-GONE. :-) That should be reasonably trivial?

      In related news, researchers show that cheap door can be kicked down.

  • by coinreturn (617535) on Friday September 13, 2013 @08:47AM (#44840081)
    Does anybody's garage door still use some fixed code remote? Come on. This is not 1960.
    • by Joce640k (829181)

      My alarm dates from 1060 - a flock of geese!

      (very difficult to spoof...)

    • Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.
      • Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.

        I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.

        • Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.

          I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.

          Your experience has holes in it, then. Installed 1992. Still in use. The only maintenance required has been to de-oxidize the contacts on the manual switch.

          • by X0563511 (793323)

            The difference is you actually maintained/repaired it. Usually that would have been thrown out.

          • Wow, your experience differs from mine! Who would have thought such a thing? I've had multiple boards go bad (capacitor failures, fried electronics).
            • Wow, your experience differs from mine! Who would have thought such a thing? I've had multiple boards go bad (capacitor failures, fried electronics).

              Virtuous living. Obviously. Semi-virtuous anyway. I live in a high-lightning region. It has fried 2 electronic thermostats, popped Ground-Fault Interruptors, and blown an alarm sensor, but the garage door opener goes on. And it's 105 in there at the moment.

              As I said, the only thing I've ever had to do to it was scrape down the contacts on the switch at the wall. And lube the drive every year or 3.

              The thermostats, incidentally, blew out their changeover relays. The part that determines "heat" or "cool". So I

              • I lost two garage door openers to lightning. Along with computers, televisions, answering machine, xbox, and all kinds of other stuff. It was the loudest thing I ever heard when that bolt struck.
        • Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.

          I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.

          I've lived in 3 houses with 20+ year old garage door controllers. Those old partless wonders last forever in my experience. My current one doesn't even have any kind of forced reversing feature or IR obstruction detectors. Total death trap.

        • by MightyYar (622222)

          Mine has to be at least that old. The remote is brown plastic, for goodness sakes. My mother-in-law's is even older. 20 years old doesn't seem that old anymore when you are middle aged :) My air conditioner is from 1984, but sadly I must retire it as R-22 is too damn expensive now.

        • by cusco (717999)

          We just replaced our garage door two years ago, and the opener with it. It had the original installers' sticker on it, dated 1976.

        • by whoever57 (658626)

          I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.

          They are probably just like every other consumer device these days. Over 20 years ago, they built them to last over 20 years. Modern devices are built to last 5 years.

        • by mythosaz (572040)

          Many gated communities use simple fixed-code garage openers, and it's ALWAYS cheaper to not have to hand out 200 new remotes than to keep using the same dated technology.

          When many of these systems break, they get fixed with refurb old technology.

          • Many gated communities use simple fixed-code garage openers, and it's ALWAYS cheaper to not have to hand out 200 new remotes than to keep using the same dated technology.

            When many of these systems break, they get fixed with refurb old technology.

            The newer openers allow you to program them to accept remotes. Instead of handing out 200 new remotes, you can reset the controller and then program it to accept the remotes. I've never lived in a gated community, so I don't know their SOP.

    • by rubycodez (864176)

      they aren't IR anyway

      • they aren't IR anyway

        No shit, sherlock. TFS mentions both IR and "fixed-code frequency" (i.e., RF).

  • Keys are copyable?! (Score:5, Informative)

    by erroneus (253617) on Friday September 13, 2013 @08:48AM (#44840089) Homepage

    Say it isn't so!!! Someone made a copy of my keys from a wax mould. So I got an electronic lock. So now that is vulnerable too?! Say it isn't so!!

    I'm sorry, but if you want to secure a transmitted signal, then SECURE IT. Signals which are one-way only are weak by definition. Instead, there should be work done on systems which require an encrypted signal started by the key device and received by the lock which returns with a reply to the key device which acknowledges the reply.

    And yes, even THAT can be replicated... it's just harder. But the rule is that which can be locked can be unlocked. It's a question of complication.

    • by Anonymous Coward

      You want the lock to securely verify the key, not the other way round. It is very unlikely that an attacker builds a lock which can be opened by your key. He more likely will want to make a key which opens your lock.

      If you use public key cryptography with the private key stored in the key device, there's no way an attacker could clone your key device without getting hold of it.

      • by Anonymous Coward

        Exactly, you want your key to "initiate", have the "lock" to transmit a random challenge, sign that in your "key" and send it back to the "lock".
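The challenge-response flow described in the comments above, next to a fixed-code lock for comparison. This is an added example, not code from the thread or the article; it substitutes an HMAC over a shared secret (Python standard library) for the public-key signature the commenters propose, and all class names and the sample code bytes are constructed.

```python
import hashlib
import hmac
import secrets


class FixedCodeLock:
    """One-way receiver: opens whenever it hears its fixed code."""

    def __init__(self, code: bytes):
        self._code = code

    def receive(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self._code)


class KeyFob:
    """Key device holding the secret; the secret itself is never transmitted."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # With public-key crypto this would be a signature over the challenge.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeResponseLock:
    """Two-way receiver: issues a fresh random challenge for every attempt."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Consume the challenge first so it is valid for one attempt only.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def replay_experiment() -> dict:
    """Record one legitimate use of each lock, then play the recording back."""
    results = {}

    # Fixed code: the recorded frame is the credential.
    fixed_lock = FixedCodeLock(b"\x5a\xc3")      # constructed sample code
    recorded_frame = b"\x5a\xc3"                 # what a listener would capture
    results["fixed_legit"] = fixed_lock.receive(recorded_frame)
    results["fixed_replay"] = fixed_lock.receive(recorded_frame)

    # Challenge-response: the recorded response only answers one challenge.
    key = secrets.token_bytes(32)
    lock, fob = ChallengeResponseLock(key), KeyFob(key)
    recorded_response = fob.respond(lock.challenge())
    results["cr_legit"] = lock.verify(recorded_response)
    results["cr_replay_no_challenge"] = lock.verify(recorded_response)
    lock.challenge()                             # lock starts a new attempt
    results["cr_replay_new_challenge"] = lock.verify(recorded_response)
    return results


if __name__ == "__main__":
    for name, opened in replay_experiment().items():
        print(f"{name}: {'opens' if opened else 'rejected'}")
```

With a shared secret the lock holds the same key as the fob; the public-key variant from the comment keeps only a verification key in the lock.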

    • Pay for better insurance, make backups, and don't worry about it as much.

      • by erroneus (253617)

        Yes... let's support the insurance racket. It worked out so well for healthcare.

      • by Belial6 (794905)
        This is the correct answer. The fact is that no home is going to be made so secure that it can't be robbed. Even if you have steel doors with reinforced deadbolts, and steel bars over all your windows, a $40 battery operated reciprocal saw will take you right through the wall. If you don't have bars on your sliding glass door, a free rock will get you in. Homes are simply insecure.
  • Holy crap! That is amazing! Who made this wonderful discovery, surely they must be nominated for some sort of prize. Oh, wait, everything with even the slightest bit of security uses rolling codes. Oh well.

  • Anyone who buys one of those cheap alarm systems probably doesn't have anything worth stealing anyway.
  • Goodness (Score:5, Funny)

    by Drewdad (1738014) on Friday September 13, 2013 @08:58AM (#44840205)
    It's almost as if the security company is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
    • Society (Score:3, Insightful)

      by stooo (2202012)

      It's almost as if the security society is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.

      • by Belial6 (794905)
        Actually they are. The funny thing is that in this case, they are correct. Having known several burglars, they universally say that they would just move to the next house if the one they were considering looked like it had an alarm.
  • pans attached to a string !
  • by fermion (181285) on Friday September 13, 2013 @09:03AM (#44840247) Homepage Journal
    For many years I have been able to buy TV remotes that work with any brand TV. My first universal remote was programmed in exactly this way, by copying the signal from the original remote. Now we have remotes that have a database of signals built in and you just punch in the signal.

    It seems to me that there is a finite number of signals any security manufacturer will use, just like there are a finite number of 4 or six digit codes. The difference is that while a human may only be able to try 10 codes a minute on a keypad, a scanner should be able to increase that rate by a factor of 5. Thus a criminal could sit in a car across the street for 20 minutes and check 1000 codes to see if they can disarm the alarm. Or pretend to be delivering a package, leave the device there, and come back in an hour to see if the house has been left insecure.

    As an aside, many years ago when automatic garage doors became popular, and IR or radio transmitters were not cheap, I am told that they worked off car horns. The story goes that teens would drive down the street at night, honking their horns, to watch the garage doors go up. Security is always a compromise between convenience and actual security. The former does tend to win out.

    • by rasmusbr (2186518)

      Maybe so, but there is no technical reason not to use a long key. The bit rate is more than 100 bits per second IIRC, so a 64-bit key would work without being inconvenient. It would obviously take a long while to brute force that.

      By the way for anyone interested in starting out with digital electronics and micro controllers, making an IR-lock and a key (and then a key sniffer for extra credit) is a good first project in terms of difficulty. You could start with an old remote as the key for the first itera

    • by _Ludwig (86077)

      So have the security system limit attempts. As soon as it detects that it’s being code-spammed, it stops listening for some amount of time. Rinse and repeat. The criminal’s device won’t know that the system isn’t listening, so it will consider all the codes it sent during that time as incorrect.

    • by cusco (717999)

      A good system will throw an alert after too many (>5 or so) access failures. Any adequately monitored system would see your first dozen or so failed attempts and have someone cruise by to see what is going on. Having said that, these are home systems, which are faulty by design. The only homes that get actual security are those of people like Warren Buffett, who can afford to cough up >$50,000 on a system, and pay decently trained staff to monitor it. There's an enormous gap between the two extreme
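A simulation of the attempt limiting and failure alerting proposed in the two replies above, run against the 1000-code sweep from the parent comment (50 codes a minute, i.e. one every 1200 ms). This is an added example, not code from the thread; the 60-second lockout, the secret value 700 and all names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Receiver:
    secret_code: int
    max_failures: int = 5        # alert after more than 5 failures
    lockout_ms: int = 60_000     # assumed: stop listening for 60 s
    failures: int = 0
    deaf_until_ms: int = 0
    heard: int = 0               # frames actually evaluated
    alerts: list = field(default_factory=list)

    def receive(self, t_ms: int, code: int) -> bool:
        if t_ms < self.deaf_until_ms:
            return False         # not listening: even the right code is ignored
        self.heard += 1
        if code == self.secret_code:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures > self.max_failures:
            self.alerts.append(t_ms)             # hand-off to monitoring
            self.deaf_until_ms = t_ms + self.lockout_ms
            self.failures = 0
        return False


def sweep(receiver: Receiver, code_space: int, interval_ms: int):
    """Send every code once, in order; return the time it opened, or None."""
    for code in range(code_space):
        t_ms = code * interval_ms
        if receiver.receive(t_ms, code):
            return t_ms
    return None


CODE_SPACE = 1000      # "check 1000 codes"
INTERVAL_MS = 1200     # 10 codes a minute times 5 = 50 codes a minute
SECRET = 700           # constructed sample value


def compare() -> dict:
    no_limit = Receiver(SECRET, max_failures=CODE_SPACE)  # never locks out
    limited = Receiver(SECRET)
    return {
        "no_limit_opened_at_ms": sweep(no_limit, CODE_SPACE, INTERVAL_MS),
        "limited_opened_at_ms": sweep(limited, CODE_SPACE, INTERVAL_MS),
        "limited_codes_heard": limited.heard,
        "limited_alerts": len(limited.alerts),
        "limited_first_alert_ms": limited.alerts[0],
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The limited receiver evaluates only 114 of the 1000 frames and raises its first alert six seconds in; a code that happens to fall inside a listening window is still accepted, so the lockout complements a large code space rather than replacing it.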

    • by Belial6 (794905)
      More likely, the burglar would not bother waiting 20 minutes, which increases the chances that someone will see them, notice them, and report them to the police. Instead, they would just break into the house next door that doesn't have security alarm stickers in the window.
  • by 140Mandak262Jamuna (970587) on Friday September 13, 2013 @09:04AM (#44840255) Journal
    My home alarm system is almost a decade old. It is armed with a dial pad on egress door usually. It has one arm/disarm remote in the second floor. But it is not IR. It is RF, similar to garage door opener. It has rolling codes. Wondering how common is the IR disarming remotes for home security.

    But I am more worried about the garage door openers coming with cars. They have usually three buttons in the rear view mirror. You hold the regular garage door open close to it and operate the door two or three times. Somehow the car gets not only the code but also the "rolling codes" and becomes a new duplicate garage door opener. Wondering what kind of security has been implemented there. If I use a sophisticated and powerful radio receiver to capture the code transmitted by the garage door opener two or three times, would it be enough to get the rolling code algorithm?

    • by swaq (989895)
      My car has HomeLink in the mirror. I believe in order to learn the code the remote needs to be close to the mirror (though I didn't test from further away). For rolling codes, I had to capture several button presses in a row (about 5 times, if I recall correctly). I'm pretty sure the captures need to be sequential to learn the rolling code.
      • From what I could make out from wiki ( http://en.wikipedia.org/wiki/Rolling_code [wikipedia.org] ), looks like the password is 16 bits, it is encrypted with a 32 bit pattern. Thinking back, to make the car "learn" the garage door, you need to put the door opener in the "synch" mode or "learn" mode first. Then the first key press transmits the random seed value. Both the car and the door opener intercept this seed value. That is how the car is able to become an authorized transmitter. It further needs a few more key presse
        • by chihowa (366380)

          Well, according to this [kuleuven.be], it would take a small compute cluster and 2-3 days to crack after capturing 65 minutes of solid transmissions. So, not terribly secure, but good enough for a medium with such a low transmission rate. The thief would need physical access to the transmitter (and a fresh set of batteries for it) and couldn't rely on incidental intercepts.

        • by swaq (989895)
          Ah, that's right. I recall having to push some button on the garage door receiver and then do the learning sequence within a certain number of seconds (30?).
    • by Anonymous Coward

      They are super common when you buy your "alarm system" at the dollar store.

      This entire story is a farce.

    • by BcNexus (826974)
      The answer to this---IIRC-- from what I read is that a universal garage door opener rolls through the codes until it gets to one that works. It can do that if it knows where to start, and it does know where to start because the user sent it a seed signal from the OEM opener.

      It's like modulo arithmetic, I think: go far enough and you loop around to the same answer, or at least an answer. In this case, the answer is a code that works.

      I'd post a link to the Wikipedia article that I read sometime ago explai
    • by djrobxx (1095215)

      To use HomeLink with a rolling code garage door, you first teach HomeLink your remote. I suspect it is simply detecting the type of rolling code opener you're using. At this point the HomeLink will transmit a code, but it still does not open the garage door. You now need to press the "Learn" button on the opener and transmit a code from the HomeLink to get it to accept the codes. This, incidentally, can be quite a pain if you only have 30 seconds to get down from a ladder and back into your car to pus

      • That is a big problem for most slashdotters. Most regular folks will have friends they meet face to face who will happily sit in the driveway and press the garage door opener when you yell, "now". But for people with only cyberfriends (and freaks and fans) it is a real problem. Not to worry. Pretty soon we will develop remote presence robots controlled by our cyberfriends who would see us face to feet.
  • 20+ years of owning big dogs. I've lived in several "rough" neighborhoods and I have never had anyone try to break in. A German Shepherd's bark is far more effective than any form of electronic protection.
    • by kevinT (14723)

      Having a big dog and a sign that says - Forget the dog, beware of owner -

    • 20+ years of owning big dogs. I've lived in several "rough" neighborhoods and I have never had anyone try to break in. A German Shepherd's bark is far more effective than any form of electronic protection.

      The best security system you can have is a dog. You have a lot of what if replies but it's a known fact. Nobody gets close to my place without my dog letting me know, he also does this without being a nuisance.

      Security companies also make more money than one would think just selling signs or decals claiming a home alarm is installed for those with or without pets.

      • My downstairs apartment neighbor has a dog. Always barks when I'm going up or down the stairs, sometimes before.

        I used to live in a house with a driveway that was right next to my neighbor's, separated only by a low fence and a few feet of grass. The dog was usually outside, and considered my driveway to be part of his territory, so he'd bark if I went out to the car or drove up and got out of it.

        • My downstairs apartment neighbor has a dog. Always barks when I'm going up or down the stairs, sometimes before.

          I used to live in a house with a driveway that was right next to my neighbor's, separated only by a low fence and a few feet of grass. The dog was usually outside, and considered my driveway to be part of his territory, so he'd bark if I went out to the car or drove up and got out of it.

          My neighbor got a new dog that he left alone during the day while he went to work. I was working the graveyard shift when this started. Damn dog barked all freaking day, for two days. I purchased a BB pistol and when it started barking the third day I cracked the door a bit and shot it in the a$$.

          Dog never barked again :} figure it didn't know what happened and it stung so bad that keeping a low profile was to its benefit.

          I feel I treat my dog very well, we go to the park and walk along the river everyday r

    • by Smauler (915644)

      I've got a big dog, too... a large munsterlander, 40kg. Unfortunately, he's the biggest wuss you'll ever meet. Burglars don't know that, though, and he's got a good bark, if he even notices anyone has arrived.

  • Sheldon: What if someone kidnaps me, forces me to record my voice, and then cuts off my thumb?

  • And the solution to this is, of course, to ban DIY electronics right? These are IEDs, Improvised Electronic Devices they are making! Terrorists! To Guantanamo with them!
  • That's not a "consumer grade home security system". It's a motion sensor alarm. A cheap, pitiful motion sensor alarm. That a $7.80 alarm doesn't use a sophisticated or even up-to-date remote shouldn't be a surprise to anyone

    • That's not a "consumer grade home security system". It's a motion sensor alarm. A cheap, pitiful motion sensor alarm. That a $7.80 alarm doesn't use a sophisticated or even up-to-date remote shouldn't be a surprise to anyone

      Yes, something someone would take with them on a trip. a take along security system. How many people you think are going to be waiting for them to record their code :}

  • Sounds like a "weird" trick. Should it be banned?

  • Burn Notice? :)
    • by The-Ixian (168184)

      When you're a spy, you need to learn that sometimes, the easiest way to foil a security system is with an Infrared transmitter. A $20 toy from your local toy store will work just fine.

  • I can't think of any security systems that are actually listed and labeled as security systems that use infrared technology to operate.

    Their "security system", an eBay purchase for $8 AU, is hardly worth calling a "security system"

    This is in the same level as if I said I picked a 20 cent "lock" that uses a single tumbler with a 2 cent paperclip. That lock provides no real security in the same manner as their eBay security system.

    There is a reason independent labs test, list, and label security systems. And

  • So? (Score:4, Informative)

    by twotacocombo (1529393) on Friday September 13, 2013 @11:22AM (#44841483)
    They could go through all this trouble to try and capture your code, defeat your security system.. Or, they could go to one of the other hundreds of thousands of houses in the country that have no security system whatsoever. You want to keep a burglar at bay? Get a dog with a mean sounding bark.
    • by Medievalist (16032) on Friday September 13, 2013 @02:15PM (#44843145)

      Your best defense against burglary isn't cops, dogs, or security systems.

      Your best defense against burglary is availability of meaningful, good paying work in your geographic area.

      That's why the 1% clump together in gated communities or live far away from everybody else. Because they know cops, dogs and security systems are mostly just security theater, and the best way to be truly secure in your belongings is to stay far away from the hungry and unemployed.

    • Yep, best security system available for the urban residence. Even a small dog will keep them back, they aren't going to get into a wrestling match with any sort of dog, unless they plan on turning the possibility of having to fire a weapon into the certainty of having to do so.
