Logan Lamb is is a cybersecurity researcher for the Department of Energy's Oak Ridge National Laboratory. As part of a test, Lamb went to a party with the intent of hacking into the home security system.
Lamb had been doing research on the way popular security systems can be hacked and turned on their owners. At the party, Logan's friend agreed to be the guinea pig. He turned on his 2GIG Go!Control panel from Vivint and armed the system. The guests were instructed to go about their normal "party" behavior. The alarm did not get triggered because Lamb had hacked into the system.The Vivint control station that would normally call the police was not given the heads up because Lamb had intercepted the unencrypted wireless signal. This experiment had been replicated on other vendors products, the legacy wireless communications from the 90's failed to encrypt or authenticate signals.
Vivint claims that they have a jamming detection feature in their wireless systems, but Lamb said he found a way to get around it without Vivint detecting it. When someone gets around that jamming detection feature, that is where the spying can occur.
No alert given when someone has broken into your home is a reality if you have a wireless home security system. Hackers can compromise the signals being sent by wireless sensors preventing owners from being alerted. Google's DropCam Web cam is at risk of being used to monitor its owners by hackers according to some research. Lamb found that the signal the sensors transmit to the alarm panel are typically unencrypted, meaning that they can be easily intercepted. He's been able to compromise systems from popular security companies including ADT and Vivint.
Patrick Wardle and Colby Moore, are researchers for Synack are also presenting findings about DropCam and Def Con. They found that a DropCam system can be compromised by someone who has physical access to the device. When a DropCam is booting up it can be put into a mode that will allow someone to install their own software. This software could be used to intercept video feeds coming from the camera or replace the live feed altogether. In the digital world nothing, even security, is not absolutely safe.
The security system vendors said the hacks had never occurred in the wild, to their knowledge.
"Safety and security is a top priority at ADT, and we have spend the past 140 years earning the trust of our customers," said ADT spokesperson Jason Shockley. "Because we have yet to see the details of this particular research, we are unable to comment on the specifics.
"Wireless transmissions by their nature are subject to potential risks," said one security system maker in a statement. "Our security systems meet or exceed industry standards and include a varity of protections, such as available encryption, tamper resistance and jamming detection, which when employed significantly improve security."
Lamb has found that SDRs are getting more inexpensive as well as more ubiquitous.
"The idea of covering a home with more security sensors does not translate into a more secure home," said Lamb. "The end goal of all this is to make better systems"