Stupid Security In A Security System

alarm

[Yaehob]‘s parents have a security system in their house, and when they wanted to make a few changes to their alarm rules – not arming the bathroom at night – an installer would come out, plug a box into the main panel, press a few buttons, and charge 150 €. Horrified at the aspect of spending that much money to flip a few bits, [yaehob] set out to get around the homeowner lockout on the alarm system, and found security where he wasn’t expecting.

Opening the main panel for the alarm system, [yaehob] was greeted with a screeching noise. This was the obvious in retrospect tamper-evident seal on the alarm box, easily silenced by entering a code on the keypad. The alarm, however, would not arm anymore, making the task of getting ‘installer-level’ access on the alarm system a top priority.

After finding a DE-9 serial port on the main board, [yaehob] went to the manufacturer’s website thinking he could download some software. The website does have the software available, but only for authorized distributors, installers, and resellers. You can register as one, though, and no, there is no verification the person filling out a web form is actually a distributor, installer, or reseller.dist

Looking at the installer and accompanying documentation, [yaehob] could see everything, but could not modify anything. To do that would require the installer password, which, according to the documentation was between four and six characters. The system also responded quickly, so brute force was obviously the answer here.

After writing up a quick script to go through all the possible passwords, [yaehob] started plugging numbers into the controller board. Coming back a bit later, he noticed something familiar about what was returned when the system finally let him in. A quick peek at where his brute force app confirmed his suspicions; the installer’s code was his postal code.

From the installer’s point of view, this somewhat makes sense. Any tech driving out to punch a few numbers into a computer and charge $200 will always know the postal code of where he’s driving to. From a security standpoint, holy crap this is bad.

Now that [yaehob]‘s parents are out from under the thumb of the alarm installer, he’s also tacked on a little bit of security of his own; the installer’s code won’t work anymore. It’s now changed to the house number.

Stealth peephole camera watches your front door

webcam

In this week’s links post we mentioned an over-powered DSLR peephole that purportedly cost $4000. So when we saw this tip regarding a relatively inexpensive digital peephole, we thought some of you might be a bit more interested.

The hardware is quite simple; a decent webcam, a Raspberry Pi, and a powered USB hub. The camera gets stripped down to its PCB and hidden inside the door itself. Even if you see this from the inside it’s just a suspicious-looking wire which wouldn’t make most people think a camera was in use.

On the software side of things, [Alex] set up his Raspberry Pi as a 24/7 webcam server to stream the video online. Unlike using a cheap wireless CCTV camera, his video signals are secure. He then runs Motion, a free software motion detector to allow the camera to trigger events when someone comes sneaking by. It can be setup to send you a text, call you, play an alarm, take a picture, record a video… the list goes on. His blog has a full DIY guide if you want to replicate this system. We just hope you have a stronger door!

We covered a similar project back in 2011, but it had made use of real server instead of an inexpensive Raspberry Pi.

[Thanks Alex!]

Self monitoring a home alarm system

[Lior] wanted to cancel the monitoring system for his home’s alarm, but he didn’t want to stop using the alarm all together. The trick is to rig up some way to monitor it himself. It would have been simple to have it just call him instead of the alarm company since the system just uses a telephone connection. But this would require that he have a land line for it to connect to, and when it calls him he would have no idea what part of the system had been set off. He developed a way to have the system text message him with all of the available details.

An Arduino controls the system, with a SIM900 GSM shield to hand the cell side of things. The board to the left emulates the standard telephone line, with an M8870 DTMF touch tone decoder to figure out what the alarm system is telling him. He also needed to implement touch tone generation to talk back to the system. His write-up includes links to other articles he posted about hardware, software, and protocol specifics.

Home security anyone can build and install

We’ve been seeing quite a few home security hacks around here lately and we think they’re a lot of fun. This is one that we missed a few weeks ago. [Sharpk] used his existing home security system as inspiration for a completely DIY security system. Above you can see the tiny models he used to help visualize how the system would be installed.

The board at the center is a JeeNode, a development board that pairs an ATmega328 with a wireless module. There are three magnetic door sensors which you can easily find at the home, hardware, or electronics store around the corner. They’re basically a reed switch and a magnet; one mounts on the door, the other on the jamb. There is also a panic button and a PIR motion sensor. [Sharpk] has even been working on a UI for the system. He crafted a 3D model of his home’s floor plan in SketchUp and uses it to indicate which part of the system has been triggered.

Now he just needs to add a keypad for arming and disarming the system.

Getting connected with your home security system

This simple device, paired with some creating code will let you become your own home security monitoring service. It’s called the PhantomLink and [Adam] started the project as a commercial venture. He recently decided to go open source with the hardware and will soon be posting a guide on how to program your own web interface too.

We just looked in on a project which takes control of a security panel using an Arduino. The PhantomLink is focused on not just reusing the input hardware, but monitoring the whole system. It sounds like several different protocols are supported.

The DB9 jack is intended for use with an adapter you can wire yourself. Basically just tap into the terminal block on the alarm controller for your house, then route those connections to the proper pins. A PIC 12F683 monitors the alarm system, pushing data via the WiFi module mounted on the board. With that web connection you can do anything you want by catching and formatting the data.

Follow

Get every new post delivered to your Inbox.

Join 97,511 other followers