Arduino-Powered Alarm System Has All The Bells And Whistles

Put aside all of the projects that use an Arduino to blink a few LEDs or drive one servo motor. [IngGaro]’s latest project uses the full range of features available in this versatile microcontroller and has turned an Arduino Mega into a fully-functional home alarm system.

The alarm can read RFID cards for activation and control of the device. It communicates with the front panel via an I2C bus, and it can control the opening and closing of windows or blinds. There is also an integrated GSM antenna for communicating any emergencies over the cell network. The device also keeps track of temperature and humidity.

The entire system can be controlled via a web interface. The Arduino serves a web page that allows the user full control over the alarm. With all of that, it’s hard to think of any more functionality to get out of this tiny microcontroller, unless you wanted to add a frickin’ laser to REALLY trip up the burglars!

24 thoughts on “Arduino-Powered Alarm System Has All The Bells And Whistles

  1. Cool. I wonder how difficult it would be to scrap the RFID system and work with a wi-fi hotspot using WPA2 that unlocks when authenticated with the MAC address of your phone. Would it be more or less secure? You could fake the MAC but you’d need the encryption key first.

    1. That’s an interesting idea, if you keep the WiFi connection on your phone turned on. Seems like you could wave an RFID dongle quicker than whip the phone out, turn on the WiFi connection, wait for it to connect, then wait for whatever process monitors the connected devices to signal the Arduino to open the door. Especially if you have an armload of groceries. You’d have to build in other safeguards as well, otherwise if your phone dies and you plug it in, the alarm will be disarmed as soon as there’s enough charge foe the phone to boot up and it connects to the WiFi.

    2. I’m not an expert in 802.11-related protocols, but I’m pretty sure that WPA2 doesn’t encrypt MAC addresses together with the data (also because that would force any legitimate host to decrypt each and every packet, just to establish whether they were addressed at him or not) – so MAC spoofing in itself is definitely possible.

          1. This is correct on the first part, but for the part of impactical, its more like impossible. ARP packets are used for the MAC and the ARP **CANNOT** be encrypted as that violates the point and function of ARP, take out ARP, you remove the ability for a computer to know where to send the packets, and for the correct computer to identify itself as the correct destenation. Think of it as your on a train and need to stop as station D, but you only know if you get off on station D. The computer would quite literaly have to send every packet to every computer in a subnet, and the other computer would have then start a public private encryption session, but it would break for every packet, not including the correct port addressing, port forwarding, dns requets, etc etc. Its impossible. Computers require absolutes for the fundementals of information exchange including trust, no matter what. The only secure system is the one that isn’t on.

    3. It’s far easier to do that with bluetooth, simply get a BT dongle and pair it to your phone, now your phone when nearby will connect to the BT dongle and you can easily detect if it’s connected. Plus it’s a lot easier to do than wifi sniffing would ever be.

      Add a Raspberry pi and you can with bluez easily trigger outputs base on cellphone Bluetooth mac addresses seen.

      1. MAC address may be easily faked. It’s possible, but I think not comfortable: WIFI is very long range, your phone will be discovered for a long time after you leave home, and it would be not so easy to start the alarm when you’re IN the house (during the night, for example). Same problems with blueetooth. I tried to use phone’s NFC but it’s not so easy since the phone NFC ID changes every time!

    4. Its a creative idea but unless your AP is going to offer a connection to the internet, there is no practical way to do this with wifi. when you connect with your phone, it will try to use the AP for email, twitter, whatever else needs a data connection. The closest way to reasonably do this would be to put the arduino on your network and have it ping the ip address of your phone, maybe once per second. RFID is your best option. Since i tend to open doors with the arm that has my watch on it, i plan to embed an RFID tag into my watch so the door will unlock when i grab the handle.

  2. I cannot understand why people would want a website for their alarm. A website on an arduino cannot be too secure and even then a denial of service attack will disable the alarm as it’s all running on the same microcontroller…..

    1. You’re right but it can be easily solved just putting the arduino webserver behind a vpn (that’s what I do): basically all smartphones support VPNS..
      However there are many ways to make it secure: for example a basic authentication through a simple pin that triggers a notification / alarm after some failed attempts.
      I don’t know if a DOS really hangs the arduino, I will try…

      1. What? A VPN wouldn’t help with DoS, or even web server/site exploits, it would just hide your web traffic and web address. You REALLY need to learn what your talking about. A DoS effects every device, no matter what, the only way to prevent against it is to off load the traffic, or block it. So if you set a block to a specific amount of refreshes/loads per second then you’d be fine, which since your using it just for you it would easy to do. Again though, please learn what your saying, as your WAY off base, don’t be lazy or arrogant, admit when you don’t know, then go spend the effort to learn it.

        1. If you make a VPN from your router to your phone The arduino webserver, that is in a private LAN, will be hidden. You may still attack the router somehow, but The arduino will be safe and it will still work.

  3. Wow no Bryan, take a step down. Nobody said an ATMega2560 was a “tiny” microcontroller. It’s a big honkin chip with a 100 pins, HW multiplier, multiple serial peripherals, timers and AD converters. He’s probably only using about 25% of the capability of that chip.

    For perspective, an ATTiny is a “tiny” microcontroller.

    1. Right, the Arduino Mega is really powerful. I choose to use it instead of other similar microcontroller because I can further expand the project easily, due to the many i/o pins and interfaces.

        1. Its no more powerfull than a bunch of other micros. I use PICs that destroy the ATmega when it comes to features. The nice thing about it is that I can choose how much power I need for a given project and save space and money over something like an arduino. And yes, I could make my own AVR boards too, but the PICs still blow the AVRs out of the water on every count.

          That said alarm panels are really pretty simplistic devices that are using pretty much the same microcontrollers, they just don’t bother with all the fancier features, unless its one of the newer units. They also focus a lot more on communication bus security so you can’t just slap a wedge between the keypad and panel (that easily) and they tend to use differential signals on the bus for reliability.

          I wouldn’t be worried about a web controlled alarm panel like this. It’s custom and the chances of anyone bothering to pick this guy out of random to hack his random home alarm is remote at best. I’d be more worried about the main stream services.

  4. BT has security vunerabilites last time I checked granted that was a long time ago, it’s probably been extensively patched.

    You wouldn’t need to take your phone out to connect to the wifi hotspot. Many phones automatically connect to a recognised wireless AP. You can script over that anyway… I understand the MAC address of the client would be visible to packet sniffing tools while connected. It would do no good to spoof the MAC alone because you would still need the encryption key to connect to the network? Correct me if my wireless security knowledge is out of date.

  5. Cool. I once toyed around with the idea of a DIY security system for my door, when I saw how cheaply electronic door strikes could be had on eBay, and because I’d been playing around with some sample Maxim iButtons that had 64-bit unique IDs (And thus could be used to securely identify people.)

    Though, I certainly like the idea of using the MAC addresses of phones that authorized users carry with them anyway as a means of authentication, if it can be ‘secure enough’. (I mean, it’s my apartment, not Los Alamos, I’m more worried about simple physical attacks than things like “Can someone get in if they somehow learned an authorized MAC address and spoofed it?”)

    What if, upon a device with that MAC address connecting to the network, the security system started issuing a challenge, and the device had a service running– just a simple app –to respond with a unique identifier? Now, I’ve never touched the ADK, hardware OR software, but if I’m not mistaken, if you wanted to get reaaaaally fancy-pants, shouldn’t it be possible to make a little MicroUSB dongle that’s just a USB-equipped MCU and a 1-wire chip with a unique 64-bit ID? (Maxim makes a chip version, too.)

    Basically, what I’d envision is this: You approach the security perimeter, your phone/tablet auto-connects to the wifi AP, if the MAC matches one on the list, it sends an ID challenge. The service on the mobile device polls the USB dongle, and the program in the MCU polls the 1-wire ID chip, which returns a 64-bit unique identifier, and the MCU passes that to the phone, which then sends it to the security system… If the MAC and ID match what’s in the system’s user database, you are authenticated.

      1. This still has security loop holes like rogue access point and spoofing, capturing etc. but its no trival task. Unless your neighbor is an experienced and/or skilled hacker they won’t figure it out. While MAC spoofing can be done automated, in three comands, and a person(script kiddie) just reading how to do it online could crack your security in a day or two.

Leave a Reply to JohnnyCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.