Slashdot Mirror
$20 'Toy' Deactivates Cheap Home Alarms, Opens Doors
mask.of.sanity writes "Cheap home alarms, door opening systems and wireless mains switches can be bypassed with low-cost and home-made devices that can replicate their infrared signals. Fixed-code radio frequency systems could be attacked using a $20 'toy', or using basic DIY componentry. Quoting: 'Criminals might be able to capture IR signals if they can get a line of sight to when the system is being armed or disarmed. If a criminal knows what type of alarm system you're using then they could do what we did here and reverse it for cloning a remote. A more likely scenario is just to buy a duplicate system and use that remote. Not all IR remotes can be switched from the same system. It depends on whether a code is being transmitted and how many variations of the code and remote exist. In the system described in this post, there is no code, just a carrier signal. If a code is being transmitted, then the Infrared toy can capture it and replay it. So that's your best bet for a criminal looking at a completely unknown remote.'"
So can many universal remotes, so can a computer, so can anything else.
This is almost as silly as the "access to an unencrypted disk is access to your data!!!!!" story from a few days ago.
Does anybody's garage door still use some fixed code remote? Come on. This is not 1960.
Say it isn't so!!! Someone made a copy of my keys from a wax mould. So I got an electronic lock. So now that is vulnerable too?! Say it isn't so!!
I'm sorry, but if you want to secure a transmitted signal, then SECURE IT. Signals which are one-way only are weak by definition. Instead, there should be work done on systems which require an encrypted signal started by the key device and received by the lock which returns with a reply to the key device which acknowledges the reply.
And yes, even THAT can be replicated... it's just harder. But the rule is that which can be locked can be unlocked. It's a question of complication.
So can many universal remotes, so can a computer, so can anything else....
Of course the very first thing the article covers is universal remotes and how they didn't work.
Perhaps, in the future, you should RTFA before commenting.
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldnt be able to hack a security system with a 20$ toy.
It's almost as if the security company is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
It seems to me that there is a finite number of signals any security manufacturer will use, just like there are a finite number of 4 or six digit codes. The difference is that while a human may only be able to try 10 codes a minute on a keypad, a scanner should be able to increase that rate by a factor of 5. Thus a criminal could sit in a car across the street for 20 minutes and check 1000 codes to see if they can disarm the alarm. Or pretend to be delivering a package, leave the device there, and come back when in an hour to see if the house have been left insecure.
As an aside, many years ago when automatic garage doors became popular, and IR or radio transmitters were not cheap, I am told that they worked off car horns. The story goes that teens would drive down the street at night, honking their horns, to watch the garage doors go up. Security is always a compromise between convenience and actual security. The former does tend to win out.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
But I am more worried about the garage door openers coming with cars. They have usually three buttons in the rear view mirror. You hold the regular garage door open close to it and operate the door two or three times. Somehow the car gets not only the code but also the "rolling codes" and becomes a new duplicate garage door opener. Wondering what kind of security has been implemented there. If I use a sophisticated and powerful radio receiver to capture the code transmitted by the garage door opener two or three times, would it be enough to get the rolling code algorithm?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It's almost as if the security society is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
aaaaaaa
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldnt be able to hack a security system with a 20$ toy.
If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance. Most are probably sold as a novelty or to keep roommates out of your stuff, sort of. They say there are also IR door keys that are also hacked similarly, but I don't see examples in TFAs. And I've never seen an IR door key in actual use, not that my experience is definitive.
I am not a crackpot.
For the younger readers I-Paq is nothing to do with Apple :)
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Sounds like a "weird" trick. Should it be banned?
But he completly ommited the WHY they didn't work.
bickerdyke
If your insurance company asks if you have a security system and you say "yes" because you spent $8 on one, is that fraud?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
About negative one decade. I was doing this with my Treo 180 and OmniRemote. Worked great for university AC systems where they kept the remotes in a central office.
"When information is power, privacy is freedom" - Jah-Wren Ryel
My insurance company specifies that it must be a monitored alarm, and I have to sign an affidavit to that effect.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Home "security systems" like those installed by ADT and Comcast are not actually meant to be secure, they're just meant to make home owners feel better. Actual security systems (which I work with) are fairly intrusive into one's day to day life and are VERY expensive to install, configure and maintain correctly. Think $5,000-$30,000 to do a basic install with decent quality hardware/software.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
They could go through all this trouble to try and capture your code, defeat your security system.. Or, they could go to one of the other hundreds of thousands of houses in the country that have no security system whatsoever. You want to keep a burglar at bay? Get a dog with a mean sounding bark.
Cheap universal remotes have limited frequency bands and can only manage capture and send short signals (discrete keys, say, instead of macros).
Good (and expensive, of course) universal remotes do not have these limits and would work fine.
The writer erroneously made a definitive statement based on a single data point.
When you're a spy, you need to learn that sometimes, the easiest way to foil a security system is with an Infrared transmitter. A $20 toy from your local toy store will work just fine.
My eyes reflect the stars and a smile lights up my face.
Even if it's limited: the article said the alarm systems frequence is identical to the one used by remote controls and only an empty carrier is sent. (so neither keys or macros)
bickerdyke
But this is kind of like hacking a door lock with a crowbar.
It's more like hacking a door lock by twisting it 45 degrees clockwise and then pushing.
Your best defense against burglary isn't cops, dogs, or security systems.
Your best defense against burglary is availability of meaningful, good paying work in your geographic area.
That's why the 1% clump together in gated communities or live far away from everybody else. Because they know cops, dogs and security systems are mostly just security theater, and the best way to be truly secure in your belongings is to stay far away from the hungry and unemployed.
If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance.
This. You don't pay AU$8 for a security system to guard your Picassos or Tang dynasty Chinese vases. You pay AU$8 for a security system that does nothing more than make a noise when an unsuspecting person enters an area. It's not going to stop someone who is determined to steal from you.
This article is ... on so many levels it is ridiculous.
I don't know how much an Arduino costs these days, but he's now spent a considerable amount of money to duplicate the function of a device he can get online for $4 (there are two remotes in the package).
The people that this alarm system are intended to foil aren't going to case the site long enough to determine that an alarm is in use and that is it brand X with a remote that can be bypassed by spending $20 for an IR learning toy. They're going to walk into the area being protected and hear the alarm going off. If the owner is in the vicinity and hears it, he'll call the cops and the device has been successful. If he's not, well, it wasn't. I don't think many people are stupid enough to think that a noisemaker will stop someone who doesn't care if there is a noise. Like I said, nobody is relying on a AU$8 alarm to protect a Picasso. They might spend that much to get a notice when one of the kids is raiding the fridge, though. Or a 'coon is on the back porch. I doubt a 'coon has the skill to defeat this thing, although I don't know how smart Aussie 'coons are.
From the other side, I would say that you are wrong. I have known several burglars, and all of them agree that home security systems are effective. If they see a house has an alarm, they simply move to the next house.
Home security systems are like door locks. They are useless keeping out someone determined, but are pretty effective at making your house more bother than it is worth for a burglary.
Home security systems don't need better remotes because most people don't use ir remotes to access their home security systems, and most burglars don't 'case' houses before robbing them.
That's been discussed a lot on here in the past.
One in particular that I remember was about a laptop locking cable that you could unlock with a pen in just a few seconds.
If a criminal wants a laptop, and sees 3 sitting around. No one is at them, and he has a few moments of no one looking. One is on a desk with the easily defeated cable. One is on another desk, tied down with a piece of string. The third was just put into a laptop bag, and is on the floor by a chair.
He won't go for the one with the cable. Even if he was prepared and knew exactly how to do it, it is still an obstacle. Even the one in the string requires a little extra time to untie or cut. The one in the bag on the floor is easiest, as he can just pick it up and keep walking.
The only variation on this would be the perceived value. If the one in the bag looked like an antique, he'd disregard it in favor of one that he can sell. If it's the one with the cable, and may get someone's attention by picking the lock, he may just move on to somewhere else.
The same applies to homes. All things equal except for security, the insecure house is the easy target and will get broken into. If the insecure house is a dilapidated hovel, but there is a nicer house that's an easy enough target, he'll go for the nicer one or pick a different neighborhood with better targets.
Serious? Seriousness is well above my pay grade.