$20 'Toy' Deactivates Cheap Home Alarms, Opens Doors
mask.of.sanity writes "Cheap home alarms, door opening systems and wireless mains switches can be bypassed with low-cost and home-made devices that can replicate their infrared signals. Fixed-code radio frequency systems could be attacked using a $20 'toy', or using basic DIY componentry. Quoting: 'Criminals might be able to capture IR signals if they can get a line of sight to when the system is being armed or disarmed. If a criminal knows what type of alarm system you're using then they could do what we did here and reverse it for cloning a remote. A more likely scenario is just to buy a duplicate system and use that remote. Not all IR remotes can be switched from the same system. It depends on whether a code is being transmitted and how many variations of the code and remote exist. In the system described in this post, there is no code, just a carrier signal. If a code is being transmitted, then the Infrared toy can capture it and replay it. So that's your best bet for a criminal looking at a completely unknown remote.'"
Ok? How is this new, or a big deal? (Score:3, Insightful)
So can many universal remotes, so can a computer, so can anything else.
This is almost as silly as the "access to an unencrypted disk is access to your data!!!!!" story from a few days ago.
Re:Ok? How is this new, or a big deal? (Score:5, Informative)
So can many universal remotes, so can a computer, so can anything else....
Of course the very first thing the article covers is universal remotes and how they didn't work.
Perhaps, in the future, you should RTFA before commenting.
Re: (Score:3)
But he completely omitted the WHY they didn't work.
Re:Ok? How is this new, or a big deal? (Score:5, Insightful)
Good (and expensive, of course) universal remotes do not have these limits and would work fine.
The writer erroneously made a definitive statement based on a single data point.
Re: (Score:3)
Even if it's limited: the article said the alarm system's frequency is identical to the one used by remote controls and only an empty carrier is sent. (so neither keys nor macros)
Re: (Score:2)
Re: (Score:2)
"Plugging in values, we get the frequency of 38.52khz.
Wait a minute. Don't many infrared receivers use 38khz as a carrier wave? Yep, they do. But in signals sent by your TV, this carrier wave is sent in a discrete number of pulses with well timed on and off periods. The alarm for this security system just sends the carrier wave on."
Is that .5kHz deviation large enough to be not recognized by the remote anymore? It can't be the code/pattern as there isn't one.
Re: (Score:2)
Re: (Score:2)
If you use a capable, programmable remote that can capture very long strings of signals across very wide frequency bands (like my trusty old Pronto TSU-7000), it could work as well (or maybe even better) than that toy.
Of course, since the toy is a far, far cheaper solutio
Re:Ok? How is this new, or a big deal? (Score:5, Insightful)
How long before... (Score:2)
How long before there's an "app for that"?
Re:How long before... (Score:5, Informative)
For the younger readers I-Paq is nothing to do with Apple :)
Re: (Score:2)
And Apple was jumping on the I-everything naming bandwagon, which had just taken over for the E-everything naming bandwagon. There was nothing innovative or unique about the name of the iMac, it was just marketing.
Re: (Score:3)
About negative one decade. I was doing this with my Treo 180 and OmniRemote. Worked great for university AC systems where they kept the remotes in a central office.
Alarm-B-Gone! (Score:2)
It's not much different from one of those TV-B-Gone remote controls that turn off TVs, except they're programmed to run through all the common TV shutoff codes and he figured out which one he needed for his particular device. (They're basically just a microcontroller, IR LED, battery, and switch.)
As far as "there's an app for that" goes, most of the TV remote control apps I've seen cost a few dollars, just because they can, and because Apple encourages you to charge money to use their app store.
Re: (Score:1)
Re: (Score:3)
But this is kind of like hacking a door lock with a crowbar.
It's more like hacking a door lock by twisting it 45 degrees clockwise and then pushing.
Re:Ok? How is this new, or a big deal? (Score:5, Informative)
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldn't be able to hack a security system with a 20$ toy.
If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance. Most are probably sold as a novelty or to keep roommates out of your stuff, sort of. They say there are also IR door keys that are also hacked similarly, but I don't see examples in TFAs. And I've never seen an IR door key in actual use, not that my experience is definitive.
Re:Ok? How is this new, or a big deal? (Score:4, Funny)
If your insurance company asks if you have a security system and you say "yes" because you spent $8 on one, is that fraud?
Re:Ok? How is this new, or a big deal? (Score:4, Informative)
My insurance company specifies that it must be a monitored alarm, and I have to sign an affidavit to that effect.
Re: (Score:2)
Re: (Score:3)
If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance.
This. You don't pay AU$8 for a security system to guard your Picassos or Tang dynasty Chinese vases. You pay AU$8 for a security system that does nothing more than make a noise when an unsuspecting person enters an area. It's not going to stop someone who is determined to steal from you.
This article is ... on so many levels it is ridiculous.
Re: (Score:3)
Home "security systems" like those installed by ADT and Comcast are not actually meant to be secure, they're just meant to make home owners feel better. Actual security systems (which I work with) are fairly intrusive into one's day to day life and are VERY expensive to install, configure and maintain correctly. Think $5,000-$30,000 to do a basic install with decent quality hardware/software.
Re: (Score:3)
Home security systems are like door locks. They are useless keeping out someone determined, but are pretty effective at making your house more bother than it is worth for a burglary.
Home security systems don't need better remotes because most people don't use ir remotes to access their
Re: (Score:2)
I'm not surprised by what you say, it sounds reasonable. The signs then are just as effective as actually having the system. Working in the security industry I've recognized a couple of houses in our neighborhood that show security system signs for companies that either don't exist or which only exist in other states.
Those aren't actually security systems, then. They're deterrent systems.
Re: (Score:3)
That's been discussed a lot on here in the past.
One in particular that I remember was about a laptop locking cable that you could unlock with a pen in just a few seconds.
If a criminal wants a laptop, and sees 3 sitting around. No one is at them, and he has a few moments of no one looking. One is on a desk with the easily defeated cable. One is on another desk, tied down with a piece of string. The third was just put into a laptop bag, and is on the floor by a chair.
He won't go for the one with the cable
Re: (Score:2)
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldn't be able to hack a security system with a 20$ toy.
The article is about hacking an $8 security system! I don't think anybody is going to purchase it thinking it's going to protect them against hackers with sophisticated reverse engineering knowledge.
Re: (Score:2)
Indeed. I'm just waiting how long for a firmware for TV-B-GONE. :-) That should be reasonably trivial?
In related news, researchers show that cheap door can be kicked down.
Garage Door Terrorist! (Score:3)
Re: (Score:3)
My alarm dates from 1060 - a flock of geese!
(very difficult to spoof...)
Re:Garage Door Terrorist! (Score:4, Informative)
..as that guy already found out: http://en.wikipedia.org/wiki/St_Martin_of_Tours#European_folk_traditions - and we're talking about 371, not 1060. Now get off my lawn!
Re: (Score:1)
Re: (Score:2)
Personally, I use a flock of seagulls.
Re: (Score:2)
Personally, I use a flock of seagulls.
Ah; so you use the "indelible tracking marker on body" method instead of the "break his legs" method....
Re: (Score:2)
Re: (Score:2)
Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.
I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.
Re: (Score:2)
Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.
I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.
Your experience has holes in it, then. Installed 1992. Still in use. The only maintenance required has been to de-oxidize the contacts on the manual switch.
Re: (Score:2)
The difference is you actually maintained/repaired it. Usually that would have been thrown out.
Re: (Score:2)
Re: (Score:2)
Wow, your experience differs from mine! Who would have thought such a thing? I've had multiple boards go bad (capacitor failures, fried electronics).
Virtuous living. Obviously. Semi-virtuous anyway. I live in a high-lightning region. It has fried 2 electronic thermostats, popped Ground-Fault Interrupters, and blown an alarm sensor, but the garage door opener goes on. And it's 105 in there at the moment.
As I said, the only thing I've ever had to do to it was scrape down the contacts on the switch at the wall. And lube the drive every year or 3.
The thermostats, incidentally, blew out their changeover relays. The part that determines "heat" or "cool". So I
Re: (Score:2)
Re: (Score:2)
Quite a few are still in service. The rolling code systems didn't come out until the mid 90s.
I don't know if you're a garage-door guy or something, but my experience with the controller boards is that they do not last anywhere near 20 years.
I've lived in 3 houses with 20+ year old garage door controllers. Those old partless wonders last forever in my experience. My current one doesn't even have any kind of forced reversing feature or IR obstruction detectors. Total death trap.
Re: (Score:2)
Mine has to be at least that old. The remote is brown plastic, for goodness sakes. My mother-in-law's is even older. 20 years old doesn't seem that old anymore when you are middle aged :) My air conditioner is from 1984, but sadly I must retire it as R-22 is too damn expensive now.
Re: (Score:2)
We just replaced our garage door two years ago, and the opener with it. It had the original installers' sticker on it, dated 1976.
Re: (Score:2)
They are probably just like every other consumer device these days. Over 20 years ago, they built them to last over 20 years. Modern devices are built to last 5 years.
Re: (Score:2)
Many gated communities use simple fixed-code garage openers, and it's ALWAYS cheaper to not have to hand out 200 new remotes than to keep using the same dated technology.
When many of these systems break, they get fixed with refurb old technology.
Re: (Score:2)
Many gated communities use simple fixed-code garage openers, and it's ALWAYS cheaper to not have to hand out 200 new remotes than to keep using the same dated technology.
When many of these systems break, they get fixed with refurb old technology.
The newer openers allow you to program them to accept remotes. Instead of handing out 200 new remotes, you can reset the controller and then program it to accept the remotes. I've never lived in a gated community, so I don't know their SOP.
Re: (Score:2)
they aren't IR anyway
Re: (Score:2)
they aren't IR anyway
No shit, sherlock. TFS mentions both IR and "fixed-code frequency" (i.e., RF).
Keys are copyable?! (Score:5, Informative)
Say it isn't so!!! Someone made a copy of my keys from a wax mould. So I got an electronic lock. So now that is vulnerable too?! Say it isn't so!!
I'm sorry, but if you want to secure a transmitted signal, then SECURE IT. Signals which are one-way only are weak by definition. Instead, there should be work done on systems which require an encrypted signal started by the key device and received by the lock which returns with a reply to the key device which acknowledges the reply.
And yes, even THAT can be replicated... it's just harder. But the rule is that which can be locked can be unlocked. It's a question of complication.
Re: (Score:1)
You want the lock to securely verify the key, not the other way round. It is very unlikely that an attacker builds a lock which can be opened by your key. He more likely will want to make a key which opens your lock.
If you use public key cryptography with the private key stored in the key device, there's no way an attacker could clone your key device without getting hold of it.
Re: (Score:1)
Exactly, you want your key to "initiate", have the "lock" to transmit a random challenge, sign that in your "key" and send it back to the "lock".
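The exchange described in the two comments above (the lock sends a random challenge, the key answers it), set beside a fixed-code lock, as an added example that is not part of the thread. It uses an HMAC over a shared secret in place of the public-key signature the commenter suggests, to stay within the Python standard library; all class names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


class FixedCodeLock:
    """One-way receiver: opens whenever it hears its single static code."""

    def __init__(self, code: bytes):
        self._code = code

    def try_open(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self._code)


class KeyFob:
    """Key device. The secret never leaves it; only MACs over challenges do."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class ChallengeLock:
    """Two-way receiver: issues a fresh random challenge for every attempt."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def try_open(self, response: bytes) -> bool:
        # A challenge is consumed by the first answer, right or wrong.
        pending, self._pending = self._pending, None
        if pending is None:
            return False
        expected = hmac.new(self._secret, pending, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def replay_comparison() -> dict:
    """Record one legitimate use of each lock, then play the recording back."""
    results = {}

    # Fixed code: the transmitted frame is the credential itself.
    static_code = b"\x5a\xc3\x17"  # constructed sample code
    fixed = FixedCodeLock(static_code)
    recorded_frame = static_code  # what a listener in range would capture
    results["fixed_legit"] = fixed.try_open(static_code)
    results["fixed_replay"] = fixed.try_open(recorded_frame)

    # Challenge-response: the recording answers one challenge only.
    secret = secrets.token_bytes(32)  # provisioned into both devices (assumption)
    lock, fob = ChallengeLock(secret), KeyFob(secret)
    recorded_response = fob.respond(lock.challenge())
    results["cr_legit"] = lock.try_open(recorded_response)
    # Played back with no challenge outstanding: rejected.
    results["cr_replay_no_challenge"] = lock.try_open(recorded_response)
    # Played back against a new challenge: the MAC no longer matches.
    lock.challenge()
    results["cr_replay_new_challenge"] = lock.try_open(recorded_response)
    # The real key still works afterwards.
    results["cr_legit_again"] = lock.try_open(fob.respond(lock.challenge()))
    return results


if __name__ == "__main__":
    for name, opened in replay_comparison().items():
        print(f"{name:26} opened={opened}")
```

With a shared secret the lock holds the same key material as the fob; the public-key variant from the comment removes that, since the lock then stores only the verification key.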
Re: (Score:2)
Pay for better insurance, make backups, and don't worry about it as much.
Re: (Score:2)
Yes... let's support the insurance racket. It worked out so well for healthcare.
Re: (Score:2)
Say it isn't true! (Score:2)
Holy crap! That is amazing! Who made this wonderful discovery, surely they must be nominated for some sort of prize. Oh, wait, everything with even the slightest bit of security uses rolling codes. Oh well.
Nothing to see here (Score:1)
Goodness (Score:5, Funny)
Society (Score:3, Insightful)
It's almost as if the security society is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
Re: (Score:2)
best alarm (Score:1)
TV remotes (Score:3)
It seems to me that there is a finite number of signals any security manufacturer will use, just like there are a finite number of 4 or six digit codes. The difference is that while a human may only be able to try 10 codes a minute on a keypad, a scanner should be able to increase that rate by a factor of 5. Thus a criminal could sit in a car across the street for 20 minutes and check 1000 codes to see if they can disarm the alarm. Or pretend to be delivering a package, leave the device there, and come back in an hour to see if the house has been left insecure.
As an aside, many years ago when automatic garage doors became popular, and IR or radio transmitters were not cheap, I am told that they worked off car horns. The story goes that teens would drive down the street at night, honking their horns, to watch the garage doors go up. Security is always a compromise between convenience and actual security. The former does tend to win out.
Re: (Score:2)
Maybe so, but there is no technical reason not to use a long key. The bit rate is more than 100 bits per second IIRC, so a 64-bit key would work without being inconvenient. It would obviously take a long while to brute force that.
By the way for anyone interested in starting out with digital electronics and micro controllers, making an IR-lock and a key (and then a key sniffer for extra credit) is a good first project in terms of difficulty. You could start with an old remote as the key for the first itera
Re: (Score:2)
So have the security system limit attempts. As soon as it detects that it’s being code-spammed, it stops listening for some amount of time. Rinse and repeat. The criminal’s device won’t know that the system isn’t listening, so it will consider all the codes it sent during that time as incorrect.
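A simulation of the lockout described in the comment above, run against the sweep from the parent comment (1000 codes at 50 codes a minute), as an added example that is not part of the thread. The class and function names, the five-failure threshold, the 60-second deaf window and the sample code 777 are assumptions.

```python
class LockoutReceiver:
    """Fixed-code receiver that goes deaf for a while after repeated misses."""

    def __init__(self, code, max_failures=5, lockout_ms=60_000):
        self.code = code
        self.max_failures = max_failures  # None disables the lockout
        self.lockout_ms = lockout_ms
        self.failures = 0
        self.locked_until_ms = 0
        self.evaluated = 0  # frames actually compared against the code
        self.alerts = 0     # lockouts triggered, i.e. events worth reporting

    def receive(self, code, now_ms):
        if now_ms < self.locked_until_ms:
            # Deaf window: nothing is evaluated, not even the correct code,
            # so the legitimate remote is ignored for this period as well.
            return False
        self.evaluated += 1
        if code == self.code:
            self.failures = 0
            return True
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until_ms = now_ms + self.lockout_ms
            self.alerts += 1
        return False


def sweep(receiver, code_space=1000, interval_ms=1200):
    """Send every code once, in order. Returns (disarmed, elapsed_ms)."""
    now_ms = 0
    for code in range(code_space):
        if receiver.receive(code, now_ms):
            return True, now_ms
        now_ms += interval_ms
    return False, now_ms


def compare(code=777):
    """Same sweep against a receiver without and with the lockout."""
    plain = LockoutReceiver(code, max_failures=None)
    limited = LockoutReceiver(code)
    return {
        "plain": sweep(plain),
        "limited": sweep(limited),
        "limited_evaluated": limited.evaluated,
        "limited_alerts": limited.alerts,
    }


def exposed_codes(code_space=1000):
    """How many possible codes a single sweep would still find with lockout on."""
    return sum(
        sweep(LockoutReceiver(code), code_space)[0] for code in range(code_space)
    )


if __name__ == "__main__":
    print(compare())
    print("codes still reachable in one sweep:", exposed_codes())
```

Under these assumptions the receiver evaluates only 95 of the 1000 frames and raises 19 lockout events during one pass, which is the signal a monitored system would act on.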
Re: (Score:2)
A good system will throw an alert after too many (>5 or so) access failures. Any adequately monitored system would see your first dozen or so failed attempts and have someone cruise by to see what is going on. Having said that, these are home systems, which are faulty by design. The only homes that get actual security are those of people like Warren Buffett, who can afford to cough up >$50,000 on a system, and pay decently trained staff to monitor it. There's an enormous gap between the two extreme
Re: (Score:2)
How common are IR arming remotes? (Score:4, Insightful)
But I am more worried about the garage door openers coming with cars. They have usually three buttons in the rear view mirror. You hold the regular garage door opener close to it and operate the door two or three times. Somehow the car gets not only the code but also the "rolling codes" and becomes a new duplicate garage door opener. Wondering what kind of security has been implemented there. If I use a sophisticated and powerful radio receiver to capture the code transmitted by the garage door opener two or three times, would it be enough to get the rolling code algorithm?
Re: (Score:1)
Re: (Score:3)
Re: (Score:3)
Well, according to this [kuleuven.be], it would take a small compute cluster and 2-3 days to crack after capturing 65 minutes of solid transmissions. So, not terribly secure, but good enough for a medium with such a low transmission rate. The thief would need physical access to the transmitter (and a fresh set of batteries for it) and couldn't rely on incidental intercepts.
Re: (Score:1)
Re: (Score:1)
They are super common when you buy your "alarm system" at the dollar store.
This entire story is a farce.
Re: (Score:2)
It's like modulo arithmetic, I think: go far enough and you loop around to the same answer, or at least an answer. In this case, the answer is a code that works.
I'd post a link to the Wikipedia article that I read sometime ago explai
Re: (Score:3)
To use HomeLink with a rolling code garage door, you first teach HomeLink your remote. I suspect it is simply detecting the type of rolling code opener you're using. At this point the HomeLink will transmit a code, but it still does not open the garage door. You now need to press the "Learn" button on the opener and transmit a code from the HomeLink to get it to accept the codes. This, incidentally, can be quite a pain if you only have 30 seconds to get down from a ladder and back into your car to pus
Re: (Score:2)
Dependence on electronics is always a fail (Score:1)
Re: (Score:2)
Having a big dog and a sign that says - Forget the dog, beware of owner -
Re: (Score:2)
20+ years of owning big dogs. I've lived in several "rough" neighborhoods and I have never had anyone try to break in. A German Shepherd's bark is far more effective than any form of electronic protection.
The best security system you can have is a dog. You have a lot of what if replies but it's a known fact. Nobody gets close to my place without my dog letting me know, he also does this without being a nuisance.
Security companies also make more money than one would think just selling signs or decals claiming a home alarm is installed for those with or without pets.
False Positives and Dogs (Score:2)
My downstairs apartment neighbor has a dog. Always barks when I'm going up or down the stairs, sometimes before.
I used to live in a house with a driveway that was right next to my neighbor's, separated only by a low fence and a few feet of grass. The dog was usually outside, and considered my driveway to be part of his territory, so he'd bark if I went out to the car or drove up and got out of it.
Re: (Score:2)
My downstairs apartment neighbor has a dog. Always barks when I'm going up or down the stairs, sometimes before.
I used to live in a house with a driveway that was right next to my neighbor's, separated only by a low fence and a few feet of grass. The dog was usually outside, and considered my driveway to be part of his territory, so he'd bark if I went out to the car or drove up and got out of it.
My neighbor got a new dog that he left alone during the day while he went to work. I was working the graveyard shift when this started.
Damn dog barked all freaking day, for two days. I purchased a BB pistol and when it started barking the third day I cracked the door a bit and shot it in the a$$.
Dog never barked again :} figure it didn't know what happened and it stung so bad that keeping a low profile was to its benefit.
I feel I treat my dog very well, we go to the park and walk along the river everyday r
Re: (Score:2)
I've got a big dog, too... a large munsterlander, 40kg. Unfortunately, he's the biggest wuss you'll ever meet. Burglars don't know that, though, and he's got a good bark, if he even notices anyone has arrived.
Re: (Score:2)
Until the burglar starts feeding the dogs drugged steaks...
Ya. When my wife was my girlfriend, her neighbor had a pit bull. Dog was very protective of the neighbor's house -- and gf's house too, the dog really liked her. Then someone poisoned the dog. Next week, neighbor's lawnmower got stolen. That mower probably cost less than the pup did, and was certainly not the friend and companion the dog was, either. Just sickening. I was horrified and disgusted.
I'll send them a basket of muffins (Score:2)
Sheldon: What if someone kidnaps me, forces me to record my voice, and then cuts off my thumb?
Solution to this... (Score:2)
That's not a "home security system". (Score:2)
That's not a "consumer grade home security system". It's a motion sensor alarm. A cheap, pitiful motion sensor alarm. That a $7.80 alarm doesn't use a sophisticated or even up-to-date remote shouldn't be a surprise to anyone
Re: (Score:2)
That's not a "consumer grade home security system". It's a motion sensor alarm. A cheap, pitiful motion sensor alarm. That a $7.80 alarm doesn't use a sophisticated or even up-to-date remote shouldn't be a surprise to anyone
Yes, something someone would take with them on a trip. a take along security system. How many people you think are going to be waiting for them to record their code :}
$20 'Toy'? (Score:2)
Sounds like a "weird" trick. Should it be banned?
Re: (Score:2)
Mod parent up for obscure advertising reference.
Re: (Score:2)
Obscure? Those banner ads are on nearly every damn webpage.
Re: (Score:2)
Where did we see this? (Score:2)
Re: (Score:3)
When you're a spy, you need to learn that sometimes, the easiest way to foil a security system is with an Infrared transmitter. A $20 toy from your local toy store will work just fine.
Re: (Score:2)
Toys hacking toys (Score:1)
I can't think of any security systems that are actually listed and labeled as security systems that use infrared technology to operate.
Their "security system", an eBay purchase for $8 AU, is hardly worth calling a "security system"
This is in the same level as if I said I picked a 20 cent "lock" that uses a single tumbler with a 2 cent paperclip. That lock provides no real security in the same manner as their eBay security system.
There is a reason independent labs test, list, and label security systems. And
So? (Score:4, Informative)
It's simpler than that. (Score:4, Interesting)
Your best defense against burglary isn't cops, dogs, or security systems.
Your best defense against burglary is availability of meaningful, good paying work in your geographic area.
That's why the 1% clump together in gated communities or live far away from everybody else. Because they know cops, dogs and security systems are mostly just security theater, and the best way to be truly secure in your belongings is to stay far away from the hungry and unemployed.
Re: (Score:2)
Yep, best security system available for the urban residence. Even a small dog will keep them back, they aren't going to get into a wrestling match with any sort of dog, unless they plan on turning the possibility of having to fire a weapon into the certainty of having to do so.
Re: (Score:2)
Alarms on home security systems have such a high false alarm rate that investigating calls from them is at the very bottom of police departments' list of priorities. According to friends that work as police dispatchers the only thing lower on their priority list was arresting recreational pot smokers. Now that it's legal here there won't be anything lower.
Re: (Score:2)
The false alarms would go through the roof if you have either crappy internet service or a crappy power grid (or, if you're lucky enough to live in SW Florida, BOTH!)
Re: (Score:2)
Down here, those "issues" you have can be as small as a heavy thunderstorm.