Letter Re: The Vulnerability of Many Commonplace RF Electronics

Dear JWR,
Regarding the recently linked article on the hack of the Simplisafe alarm system, I’d like to alert readers to the fact that many, many radio frequency (RF) devices available on the US market have similar vulnerabilities. But it’s worse than that. These devices operate on one of several unlicensed radio frequency bands authorized under Title 47, part 15 of the FCC rules, most specifically Section 15.231.

There are transmitters available for purchase on 433MHz, as used by Simplisafe, and they are quite inexpensive. Many of these evaluation kits only require attachment of a battery and you are ready to transmit. Many car key (“remote door lock”) fobs use 315MHz, and 418MHz is also a common frequency for these low power transmitters. My point here is that you don’t have to have any computing or hacking experience whatsoever to mess with someone’s system using these frequencies. By just transmitting a continuous signal, the system will be rendered pretty much inoperative. A 315MHz transmission in a mall parking lot would prevent many car remotes from working, for example.

A transmission on the proper 433MHz frequency would prevent the Simplisafe main alarm unit from receiving signals from door or window sensors. Hopefully these systems have periodic polling of their sensors to at least detect the issue, but many will not. Some have configurable radio frequencies, but many do not.

The driveway sensors that operate on MURS frequencies could also easily be disabled by a cheap Chinese handheld radio programmed to transmit on those few channels. Using higher security spread spectrum operation at 902-928MHz (see part 15) is better, but it still could be jammed with sufficient RF power. This type of intentional interference is of course illegal.

In summary, none of these devices is unconditionally immune to hacking, even if only by someone with a $25 radio. The Simplisafe product is a decent low cost alarm system for what it is, and the stupid teens in your neighborhood will likely be detected as they jimmy your window. But be prepared and protected in other ways. Don’t bet your life on these systems. A crook with a $99 transmitter can lock you out of your slick wireless-enabled car if you don’t carry a backup key, and there you stand in the parking lot, totally exposed.

Just as you might avoid WiFi, cell phones and other wireless technology in public, consider the same caution at home. It’s hard to hack a wire without being right there! – Wired in Virginia
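The periodic sensor polling the letter hopes for, combined with a check for a channel that stays busy without any decodable frame, can be sketched as follows. This is an added example, not code from the letter's author or from any alarm vendor; the class name, check-in interval, thresholds and sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# All values below are assumptions for illustration, not any vendor's settings.
HEARTBEAT_S = 60       # each sensor is expected to check in once a minute
MISSED_LIMIT = 3       # report a sensor after three missed check-ins
BUSY_RSSI_DBM = -60.0  # channel energy at or above this counts as "busy"
BUSY_HOLD_S = 20       # busy this long with no decodable frame is abnormal

@dataclass
class Supervisor:
    last_seen: dict = field(default_factory=dict)  # sensor id -> last valid frame time
    busy_since: Optional[float] = None             # start of the current busy period

    def on_frame(self, sensor, now):
        self.last_seen[sensor] = now
        self.busy_since = None  # a decoded frame proves the channel is usable

    def on_rssi(self, rssi_dbm, now):
        if rssi_dbm < BUSY_RSSI_DBM:
            self.busy_since = None
        elif self.busy_since is None:
            self.busy_since = now

    def status(self, now):
        limit = HEARTBEAT_S * MISSED_LIMIT
        silent = sorted(s for s, t in self.last_seen.items() if now - t > limit)
        if self.busy_since is not None and now - self.busy_since >= BUSY_HOLD_S:
            return "JAM_SUSPECTED", silent  # alert now, before sensors time out
        return ("SENSOR_LOST", silent) if silent else ("OK", [])

def replay(events):
    """Feed (time, kind, value) events to a Supervisor; return state changes."""
    sup, changes = Supervisor(), []
    for now, kind, value in sorted(events, key=lambda e: e[0]):
        if kind == "frame":
            sup.on_frame(value, now)
        else:
            sup.on_rssi(value, now)
        state = sup.status(now)[0]
        if not changes or changes[-1][1] != state:
            changes.append((now, state))
    return changes

# Constructed timeline: two sensors check in, then a continuous carrier starts at t=70.
EVENTS = [(0, "frame", "door"), (5, "frame", "window"),
          (60, "frame", "door"), (65, "frame", "window")]
EVENTS += [(t, "rssi", -95.0 if t < 70 else -40.0) for t in range(10, 300, 10)]

if __name__ == "__main__":
    print(replay(EVENTS))
```

On the constructed timeline the busy-channel condition is raised at t=90, well before the 180-second supervision timeout alone would report the sensors as lost.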