SimpliSafe DIY Home Security System – ‘Inherently Insecure and Vulnerable’ to Hacking

simplisafeAnother popular DIY Home Security system, ‘SimpliSafe’ was successfully hacked on February 17th, 2016 by Andrew Zonenberg of IOActive.com.

According to Zonenberg there is a “critical” security vulnerability with the ‘Simply Safe’ System which makes it ‘Inherently Insecure’ and Prone to Hacking.

‘Simply Safe” is marketed as a low cost, no contract DIY security system with endorsements by consumer advocate Dave Ramsay and numerous five star media reviews including Good Housekeeping, Fortune, New York Post, Boston Globe and Tech Crunch just to name a few.  Prices for the base SimpliSafe system start around $200 dollars with monthly monitoring between $15 and $25 dollars (USD).

yard_sign_271_256Zonenberg revealed the details of the SimpliSafe’  hack on the IOActive blog stating “Consumers of this product need to know the product is inherently insecure and vulnerable to even a low-level attacker.  This simple vulnerability is particularly alarming because; 1) it exists within a “security product” that is trusted to secure over a million homes; 2) it enables an attacker to completely own the system (i.e., disable it, change PIN codes, etc.), and; 3) many unsuspecting consumers prominently display window and yards signs promoting their use of this system…essentially self-identifying their home as a viable target for an attacker.”

SimpliSafe responded to the hack announcement on their blog February 19, 2016 stating “The hack described is sophisticated and highly unlikely”.

SimpliSafe went on to recommend users Change their PIN Code regularly, monitor notifications for unexpected activity, take note of any suspicious person near their home and upgrade to an interactive plan and use remote access for arming and disarming their alarm system.

No security system is infallible but the SimpliSafe hack is just the latest glitch in the DIY Security and Home Automation market. 

Consumers need to be aware that not all DIY Security and Home Automation Solutions are secure and just because a system is being sold on-line or at their local hardware or electronics store doesn’t mean that system is safe and not vulnerable to hacking or exploits. 

Sources:

IOActive Blog

SimpliSafe Blog

Author:  Doyle Serink is a systems integrator for Ion Security Systems with 25 years experience in Security, Home Automation, Networking and A/V.  

Advertisements
This entry was posted in Ion Security, News, Uncategorized and tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s