By Martin Hodgson, Head of UK and Ireland at Paessler
A network is only as secure as the devices connected to it. With each connected device comes increased vulnerability. The modern household is no exception, with the recent explosion of IoT devices in the home creating a potential goldmine for hackers. Scarier still, many of these connected devices on home networks are dangerously unsecured. Even home alarm systems, designed to protect your home from physical intruders, may be a gateway for virtual intruders to access your private data.
Disconnected security systems are the safest solution for now
When it comes to home security systems, they’re not as secure as we think they are. In fact, they could potentially be putting us at risk. What’s surprising though, is that even our devices that are not connected to the internet – such as classic, non-digitised, 1993 kind of security systems – could pose a treacherous security threat. Although, still currently the safer option.
According to security researchers, even the best-selling home alarm systems could be easily undermined to either suppress the alarms or to generate several false alarms which would make them unreliable. This is because hackers could trigger a false alarm with a simple tool from a distance of up to 300 metres. Again, deactivation is possible from a similar distance. It doesn’t matter where the alarm was manufactured. This is based on the fact that most radio alarm systems are based on high-frequency signals sent between door and window sensors to a control system which triggers an alarm when one of these entries is breached.
Regardless of whether the alarm is activated or not, the signals can still be triggered each time a marked window or door is open. But when this option is activated, the system triggers the alarm and also sends a silent alarm to the monitoring company, which contacts the residents or the police. Many systems cannot encrypt or authenticate the signals sent by the sensors to the control panels, which makes it easy for anyone to intercept data, decrypt the commands, and return them to the control panels arbitrarily.
Every connection is a potential gateway
Whilst alarms not connected to the network are not completely safe – it gets worse. For consumers and businesses opting to choose a security system that does connect to the network – they risk being less secure than before even purchasing a security system.
Systems connected to IoT contain more security errors than we would realise. Think about it. Security systems that connect back to our mobile devices through the internet or the cloud may offer motion detectors, video cameras with recording functions and door and window sensors. But what they don’t offer – is the assurance that the only person watching these videos is the homeowner themselves.
Such home security systems are connected to a mobile device or the Internet through the cloud and have a multitude of functions such as motion detectors, door and window sensors, and video cameras with recording functions. Although the aim of these systems is to offer security to a homeowner, due to the vulnerabilities, the owner of the home security system is possibly not the only one monitoring the home.
Hackers have the capability to hack into an IoT smart home system. Once connected to your home system, the hacker can connect to your network. This gives the hacker access to any device associated with that network – be it your broadband, smart phone, smart heating system or computer. All this data connected to the network is then in the hands of the hacker – and data is one of our most valuable assets.
As we have seen since the earliest days of cybersecurity, so long as there is the potential for vulnerability, hackers will try to exploit it. Although they bring physical security to the home, alarm systems are not as secure from online threats as they need to be – and hackers know this. Action is urgently required to develop secure home alarm systems if we are to stymie the threat of attacks on home security systems. For now, hardwire systems are still the most secure and it is clear the industry has some way to go before secure connected security products hit the market.