Slashdot Mirror
$20 'Toy' Deactivates Cheap Home Alarms, Opens Doors
mask.of.sanity writes "Cheap home alarms, door opening systems and wireless mains switches can be bypassed with low-cost and home-made devices that can replicate their infrared signals. Fixed-code radio frequency systems could be attacked using a $20 'toy', or using basic DIY componentry. Quoting: 'Criminals might be able to capture IR signals if they can get a line of sight to when the system is being armed or disarmed. If a criminal knows what type of alarm system you're using then they could do what we did here and reverse it for cloning a remote. A more likely scenario is just to buy a duplicate system and use that remote. Not all IR remotes can be switched from the same system. It depends on whether a code is being transmitted and how many variations of the code and remote exist. In the system described in this post, there is no code, just a carrier signal. If a code is being transmitted, then the Infrared toy can capture it and replay it. So that's your best bet for a criminal looking at a completely unknown remote.'"
So can many universal remotes, so can a computer, so can anything else.
This is almost as silly as the "access to an unencrypted disk is access to your data!!!!!" story from a few days ago.
Say it isn't so!!! Someone made a copy of my keys from a wax mould. So I got an electronic lock. So now that is vulnerable too?! Say it isn't so!!
I'm sorry, but if you want to secure a transmitted signal, then SECURE IT. Signals which are one-way only are weak by definition. Instead, there should be work done on systems which require an encrypted signal started by the key device and received by the lock which returns with a reply to the key device which acknowledges the reply.
And yes, even THAT can be replicated... it's just harder. But the rule is that which can be locked can be unlocked. It's a question of complication.
So can many universal remotes, so can a computer, so can anything else....
Of course the very first thing the article covers is universal remotes and how they didn't work.
Perhaps, in the future, you should RTFA before commenting.
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldnt be able to hack a security system with a 20$ toy.
It's almost as if the security company is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
But I am more worried about the garage door openers coming with cars. They have usually three buttons in the rear view mirror. You hold the regular garage door open close to it and operate the door two or three times. Somehow the car gets not only the code but also the "rolling codes" and becomes a new duplicate garage door opener. Wondering what kind of security has been implemented there. If I use a sophisticated and powerful radio receiver to capture the code transmitted by the garage door opener two or three times, would it be enough to get the rolling code algorithm?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It's almost as if the security society is selling the appearance of security instead of actual security. Surely, they wouldn't be so mercenary.
aaaaaaa
it is a big deal because unlike a universal remote, security systems are supposed to be, well, secure. you shouldnt be able to hack a security system with a 20$ toy.
If your "security" system cost $8 like the one they hacked, you probably got what you paid for. I doubt that anyone is using this kind of thing to secure anything of importance. Most are probably sold as a novelty or to keep roommates out of your stuff, sort of. They say there are also IR door keys that are also hacked similarly, but I don't see examples in TFAs. And I've never seen an IR door key in actual use, not that my experience is definitive.
I am not a crackpot.
For the younger readers I-Paq is nothing to do with Apple :)
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
..as that guy already found out: http://en.wikipedia.org/wiki/St_Martin_of_Tours#European_folk_traditions - and we're talking about 371, not 1060. Now get of my lawn!
bickerdyke
If your insurance company asks if you have a security system and you say "yes" because you spent $8 on one, is that fraud?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
My insurance company specifies that it must be a monitored alarm, and I have to sign an affidavit to that effect.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
They could go through all this trouble to try and capture your code, defeat your security system.. Or, they could go to one of the other hundreds of thousands of houses in the country that have no security system whatsoever. You want to keep a burglar at bay? Get a dog with a mean sounding bark.
Cheap universal remotes have limited frequency bands and can only manage capture and send short signals (discrete keys, say, instead of macros).
Good (and expensive, of course) universal remotes do not have these limits and would work fine.
The writer erroneously made a definitive statement based on a single data point.
Your best defense against burglary isn't cops, dogs, or security systems.
Your best defense against burglary is availability of meaningful, good paying work in your geographic area.
That's why the 1% clump together in gated communities or live far away from everybody else. Because they know cops, dogs and security systems are mostly just security theater, and the best way to be truly secure in your belongings is to stay far away from the hungry and unemployed.