Stupid Security In A Security System

alarm

[Yaehob]‘s parents have a security system in their house, and when they wanted to make a few changes to their alarm rules – not arming the bathroom at night – an installer would come out, plug a box into the main panel, press a few buttons, and charge 150 €. Horrified at the aspect of spending that much money to flip a few bits, [yaehob] set out to get around the homeowner lockout on the alarm system, and found security where he wasn’t expecting.

Opening the main panel for the alarm system, [yaehob] was greeted with a screeching noise. This was the obvious in retrospect tamper-evident seal on the alarm box, easily silenced by entering a code on the keypad. The alarm, however, would not arm anymore, making the task of getting ‘installer-level’ access on the alarm system a top priority.

After finding a DE-9 serial port on the main board, [yaehob] went to the manufacturer’s website thinking he could download some software. The website does have the software available, but only for authorized distributors, installers, and resellers. You can register as one, though, and no, there is no verification the person filling out a web form is actually a distributor, installer, or reseller.dist

Looking at the installer and accompanying documentation, [yaehob] could see everything, but could not modify anything. To do that would require the installer password, which, according to the documentation was between four and six characters. The system also responded quickly, so brute force was obviously the answer here.

After writing up a quick script to go through all the possible passwords, [yaehob] started plugging numbers into the controller board. Coming back a bit later, he noticed something familiar about what was returned when the system finally let him in. A quick peek at where his brute force app confirmed his suspicions; the installer’s code was his postal code.

From the installer’s point of view, this somewhat makes sense. Any tech driving out to punch a few numbers into a computer and charge $200 will always know the postal code of where he’s driving to. From a security standpoint, holy crap this is bad.

Now that [yaehob]‘s parents are out from under the thumb of the alarm installer, he’s also tacked on a little bit of security of his own; the installer’s code won’t work anymore. It’s now changed to the house number.

Homemade Alarm System Doesn’t Lack Features

alarm system

To many of us, our garage (or workshop) is probably one of the most important parts of the house. If a burglar broke in, we’d likely be more worried about our tools! [Ron Czapala] decided he needed an alarm system in his garage to keep his stuff safe, so he decided to build one from scratch.

The system makes use of a Parallax 4×4 keypad membrane, a MCP23008 port expander, a Parallax Propeller, a LCD screen, and a few switches to represent future magnetic reed switches located in the door and window.

Using circular buffers, the propeller has several states for monitoring the garage.

  • Not armed — ignore all sensors
  • Armed — system will react to changes in the sensors
  • Exit delay — system has been armed, 45 second countdown has begun to allow you to exit the garage
  • Window trigger — if the window is opened, the alarm will go off immediately (siren and strobe light)
  • Door trigger — alarm will go off in 60 seconds if correct code has not been entered on the keypad

For a complete demonstration, check out the following video where [Ron] explains it all!

[Read more...]

Directing an alarm system straight to the Internet

[Scott] has a pretty nice alarm system at his house – it will give the operator at his alarm company enough information to determine if it’s a fire alarm, burglary, or just a cat walking in front of a sensor. [Scott] wanted to cut out the middle man and receive notifications from his alarm system on his phone. He did just that, with the help of a trusty Arduino and the very cool Electric Imp.

[Scott]‘s build began with an Arduino attach to a Raspi to monitor state changes in the alarm system. Because the designers of the alarm system included a very helpful four-wire bus between the alarm panels and the part connected to the phone line, [Scott] found it fairly easy to tap into these lines and read the current alarm status.

Dedicating a Raspberry Pi to the simple task of polling a few pins and sending data out over WiFi is a bit overkill, so [Scott] picked up an Electric Imp Arduino shield to transmit data over WiFi. We’ve played around with the Imp before, and [Scott] would be hard pressed to come up with a cleaner solution to putting his alarm monitor on the Internet.

Now [Scott] has a very tidy alarm monitor that sends updates straight to his cell phone, no middle man required. A very neat build, and an excellent use of a very cool WiFi device.

Follow

Get every new post delivered to your Inbox.

Join 92,441 other followers