There’s a major, un-fixable flaw in a security system used in over 200,000 homes
Simplisafe is a popular wireless alarm system. The company says it protects over 200,000 homes — and a security expert just showed that anyone with some technical knowledge can remotely disarm it.
Security researcher Andrew Zonenberg posted on his blog that he reverse-engineered the way the Simplisafe system’s parts talk to one another wirelessly.
With some coding work, he built a receiver that could listen in on that chatter. He couldn’t figure out the system’s PIN code, but he was able to record the string of code the system broadcasts whenever a correct PIN is entered. By broadcasting it back at the system he could disarm it without even touching it.
And it took just a couple hundred dollars worth of equipment — far less than the potential prize of a successful burglary.