Wireless home alarm manufacturers (like Visonic, 2GIG, or United Technologies (formerly known by brands such as GE Security, ITI, and Cadix)) have always used proprietary wireless protocols, and insisted that they are secure, but "a cybersecurity researcher at the Department of Energy's Oak Ridge National Laboratory" did some reverse engineering with a software-defined radio (SDR) and discovered that not only were the sensor communications not encrypted, but that he could detect sensor triggers from up to 250 yards away.
So to case a house, all you need is a Raspberry Pi, a $10 SDR dongle, some custom software, and a battery stuffed into a small box that you toss in the bushes, then retrieve a week later, and you've got a full record of the pattern of the home owner's movements.

Of course the alarm companies view this as "exotic" tech that's beyond the capabilities of most thieves. But how long before we see this reduced to a $20 dongle that attaches to an iPhone and a $10 app? (Though I suppose Apple would banish such an app as soon as they figured out what it could be used for. So perhaps side-loading onto your Android phone is more likely to be the deployment scenario.)

What's worse is that the researcher found he could jam the signals going to the panel, so it never saw sensors being triggered:

http://www.forbes.com/sites/kashmirhill/2014/07/23/how-your-security-system-could-be-used-to-spy-on-you/

"Lamb [the researcher] asked the [home owner] to arm the system and then let the guests wander normally. The alarm did not get triggered as it should when the system's armed and a door opens, and the Vivint central control station that would call the police when such a thing happened did not get a heads up. Lamb was able to suppress the alarm through intercepting the system's unencrypted wireless communications with the sensors around the home, and sending his own signals to the main controls."

The silver lining to this is that it actually might not be that time-consuming to reverse engineer these wireless protocols or require exotic hardware if you want to repurpose widely available, inexpensive wireless sensors in your home automation system. (For example, I can get GE-compatible wireless door sensors or motion detectors for about half the cost of an equivalent product made for the "open" protocols, like Z-Wave. A concealed door jamb sensor can be had for a mere $26[1].)

1. http://www.discounthomeautomation.com/iON-Digital-Plunger-Wireless-Door-Security-Sensor-IONPLUNGERx

Several years back I looked into using United Technologies-compatible wireless sensors with a home automation system. United Technologies actually makes a board with the wireless transceiver and a serial link that connects it to their wired alarm panels. I figured buying that transceiver would be the least-effort solution. So I emailed United Technologies asking if they had any documentation covering that serial communication. Of course their reply was that it was proprietary, and they felt disclosing it would compromise the security of their products.

-Tom

_______________________________________________
Hardwarehacking mailing list
Hardwarehacking@blu.org
http://lists.blu.org/mailman/listinfo/hardwarehacking