Security Installer Community

Hello From A Security Researcher


cybergibbons


This is the BMW attack I am talking about:

http://jalopnik.com/5923802/watch-hackers-steal-a-bmw-in-three-minutes

It's a genuine issue. BMW took a long time to take notice of this, probably because they thought thieves were not sophisticated enough.

I think many are missing a key point here - a single device, literally the size and shape of a wrist watch - can cause significant problems with many alarms available on the market. It requires no skill to operate. It doesn't require my skill or knowledge to use. It costs £30. Would this not be an attractive proposal to a burglar?

 

They also needed to gain entry first to make it work. 

 

But

 

I think many are missing a key point here - a single device, literally the size and shape of a wrist watch - can cause significant problems with many alarms available on the market. It requires no skill to operate. It doesn't require my skill or knowledge to use. It costs £30. Would this not be an attractive proposal to a burglar?

 

You're also missing my point. Without doing some surveillance on a system there is no way for you to tell from outside the property that it is a wireless system or hardwired. None at all. By using this advanced piece of kit, regardless of how easy it is to use or make means that whatever you are planning to steal should be protected by grade 3/4. Most likely 3. The fact you can use it on a grade 2 system is meaningless.


To be fair to the guy the manufacturers can afford better legal representation than some engineer buying off the shelf. A cease and desist letter would probably halt the guy. I think a few are taking this a little bit too much to heart.

 

 

 

 

http://news.cnet.com/2009-1001_3-958129.html

 

Plenty of stories like this from the IT profession. "Hey, I found this glaring loophole on your software. You may want to patch it up before someone really makes you have a bad day" "You broke in to our software, say hello to a lawsuit"

Thankfully we are in the UK not the US and have much less draconian laws. But you are correct, this is why I am not disclosing which alarms have problems and how to exploit them. I can't even outline some of the issues as information about the protocol uniquely identifies the alarm.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 


But again I'd like you to answer my second point please. I feel it's very valid and would help your research.

It's a fair point.

I can detect from outside a property if a wireless alarm is in use within a few minutes (due to the supervisory reporting), and can tell which manufacturer out of the listed alarms is in use. If the properties are sufficiently far apart, I can tell which property it is. I can't tell if the system has no wired sensors at all.

I'd be interested in seeing statistics on burglaries - how much was stolen in value vs. the grade of alarm. I know, for a fact, many people use safes which are nowhere near strong enough for the value contained within them. Is it the same with alarms?


It's a fair point. I can detect from outside a property if a wireless alarm is in use within a few minutes (due to the supervisory reporting), and can tell which manufacturer out of the listed alarms is in use. If the properties are sufficiently far apart, I can tell which property it is. I can't tell if the system has no wired sensors at all. I'd be interested in seeing statistics on burglaries - how much was stolen in value vs. the grade of alarm. I know, for a fact, many people use safes which are nowhere near strong enough for the value contained within them. Is it the same with alarms?

Err yes! Plenty grade 2 kit protecting stuff it wasn't designed for.

www.securitywarehouse.co.uk/catalog/


Err yes! Plenty grade 2 kit protecting stuff it wasn't designed for.

Would be good to see some numbers though, eh?

Thanks for the interesting discussion by the way. I'm especially enjoying Scotmod's line - I'd rather all of this was challenged and discussed than dismissed.


It's a fair point.

I can detect from outside a property if a wireless alarm is in use within a few minutes (due to the supervisory reporting), and can tell which manufacturer out of the listed alarms is in use. If the properties are sufficiently far apart, I can tell which property it is. I can't tell if the system has no wired sensors at all.

I'd be interested in seeing statistics on burglaries - how much was stolen in value vs. the grade of alarm. I know, for a fact, many people use safes which are nowhere near strong enough for the value contained within them. Is it the same with alarms?

 

Indeed, I'm guessing you'll be on a laptop or an iPad or at least something that relays this information to you? The statistics don't really matter because the insurance industry is so broken towards alarms and gradings that if you had anything that would warrant a grade 3 alarm in a domestic or commercial premises your insurers would know what you have before it gets stolen and would most likely pay anyway.

 

That and people using a grade 2 system then installing say a safe but not notifying their insurers. Same thing really.

 

 

IMHO a house with an alarm is most likely to be done for the car on the drive rather than contents,

 

 

Porsche in the drive nothing in the fridge mentality for most folk.


Thanks Joe. What you say is true - I unequivocally do not want to sell a device to stop alarms working on eBay. I am saying that this is possible, and I am surprised it has not been done before.

 

 

Whilst I'm NOT surprised whatsoever. I think this is the issue here, for me anyway. What you're doing is fine - to be applauded in fact - but please don't try and inject a false sense of jeopardy!

 

I use the Scantronic kit myself, and that's used the same wireless peripherals for some time - the Ion itself isn't exactly new but the wireless bits are even older, and yet there have been no reported attacks or compromises of this sort. Because it's not possible? Nope, clearly not, but because the average UK burglar to the sort of domestic properties where this kind of G2 or even G3 kit is used can hardly walk by the end of the day because they are so smacked up.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 


Indeed, I'm guessing you'll be on a laptop or an iPad or at least something that relays this information to you? The statistics don't really matter because the insurance industry is so broken towards alarms and gradings that if you had anything that would warrant a grade 3 alarm in a domestic or commercial premises your insurers would know what you have before it gets stolen and would most likely pay anyway.

 

That and people using a grade 2 system then installing say a safe but not notifying their insurers. Same thing really.

 

 

 

Porsche in the drive nothing in the fridge mentality for most folk.

The specific device is a TI Chronos watch:

http://processors.wiki.ti.com/index.php/EZ430-Chronos

It's very versatile, and I've yet to find an alarm system it won't work with (a lot of the alarms actually use the same CCxxxx chip it has). The power is not very high though - it's pretty much read only. The display isn't great, but it works.

For practical attacks, I'm using this:

http://shop.ciseco.co.uk/arf-high-power-radio-transceiver/

As it has half a watt of output power. It's actually strong enough to totally screw up the AGC in some RF front ends.


Archived

This topic is now archived and is closed to further replies.
