Stupid Security In A Security System

August 28, 2014 by 66 Comments

alarm

[Yaehob]’s parents have a security system in their house, and when they wanted to make a few changes to their alarm rules – not arming the bathroom at night – an installer would come out, plug a box into the main panel, press a few buttons, and charge 150 €. Horrified at the aspect of spending that much money to flip a few bits, [yaehob] set out to get around the homeowner lockout on the alarm system, and found security where he wasn’t expecting.

Opening the main panel for the alarm system, [yaehob] was greeted with a screeching noise. This was the obvious in retrospect tamper-evident seal on the alarm box, easily silenced by entering a code on the keypad. The alarm, however, would not arm anymore, making the task of getting ‘installer-level’ access on the alarm system a top priority.

After finding a DE-9 serial port on the main board, [yaehob] went to the manufacturer’s website thinking he could download some software. The website does have the software available, but only for authorized distributors, installers, and resellers. You can register as one, though, and no, there is no verification the person filling out a web form is actually a distributor, installer, or reseller.dist

Looking at the installer and accompanying documentation, [yaehob] could see everything, but could not modify anything. To do that would require the installer password, which, according to the documentation was between four and six characters. The system also responded quickly, so brute force was obviously the answer here.

After writing up a quick script to go through all the possible passwords, [yaehob] started plugging numbers into the controller board. Coming back a bit later, he noticed something familiar about what was returned when the system finally let him in. A quick peek at where his brute force app confirmed his suspicions; the installer’s code was his postal code.

From the installer’s point of view, this somewhat makes sense. Any tech driving out to punch a few numbers into a computer and charge $200 will always know the postal code of where he’s driving to. From a security standpoint, holy crap this is bad.

Now that [yaehob]’s parents are out from under the thumb of the alarm installer, he’s also tacked on a little bit of security of his own; the installer’s code won’t work anymore. It’s now changed to the house number.

Cloning An Infrared Disarming Remote Of A $8 Home Security System

September 15, 2013 by 4 Comments

5

[Sylvio] decided to buy one of the cheap alarm systems you can find on the internet to have a look at its insides. The kit he bought was composed of one main motion sensor and two remote controls to arm/disarm it.

Communication between the remotes and the sensor is done by using infrared, requiring a direct line of sight for a signal to be received. Modern alarm systems typically use RF remotes with a typical frequency of 434MHz or 868MHz.  In his write-up, [Sylvio] first tries to replicate the IR signal with one of his ‘learning remote controls’ without success and then proceed to reverse engineering the remote circuit shown in the above picture. Hackaday readers may figure out just by looking at it that it is a simple astable multivibrator (read ‘oscillator’). Its main frequency is 38.5kHz, which is typical for IR applications. Therefore, if one of your neighbours had this ‘security system’ one could just disarm it with any of the same remotes…

[Sylvio] then explains different ways to replicate the simple IR signal, first with an Arduino then with a frequency generator and finally using the USB Infrared Toy from Dangerous Prototypes. We agree with his conclusion: “you get what you pay for”.

Hackerspace Security System Brings RFID, Video Feedback, And Automatic Doors

April 17, 2013 by 38 Comments

rfid-hackerspace-door-lock

[Will] has been hard at work on a replacement system for his Hackerspace’s RFID door lock. The original is now several years old and he’s decided to upgrade to a much more powerful processor, adding some bells and whistles along the way.

The control box seen above is the exterior component of the system. It’s a telephone service box like you’d find on the back of most houses in the US. They had a few of these lying around and they are a perfect choice because… well… they’re meant to be locking enclosures that brave the elements. [Will] made the jump from an Arduino which has run the locks for the last three years to a Raspberry Pi board. This gives him a lot of extra power to work with and he took advantage of that by adding a vehicle backup LCD screen for visual feedback. You can see it giving the ‘Access Granted’ message he used during testing but the demo video after the break shows that they plan to do some image scripting to display a head shot of the RFID tag owner whenever a tag is read.

There are several other features included as well. The system Tweets whenever a tag is read, helping the members keep tabs on who is hanging out at the space right now. It also patches into a sliding door which one of the members automated using a garage door opener motor.

Continue reading “Hackerspace Security System Brings RFID, Video Feedback, And Automatic Doors”

Getting Connected With Your Home Security System

July 30, 2012 by 24 Comments

This simple device, paired with some creating code will let you become your own home security monitoring service. It’s called the PhantomLink and [Adam] started the project as a commercial venture. He recently decided to go open source with the hardware and will soon be posting a guide on how to program your own web interface too.

We just looked in on a project which takes control of a security panel using an Arduino. The PhantomLink is focused on not just reusing the input hardware, but monitoring the whole system. It sounds like several different protocols are supported.

The DB9 jack is intended for use with an adapter you can wire yourself. Basically just tap into the terminal block on the alarm controller for your house, then route those connections to the proper pins. A PIC 12F683 monitors the alarm system, pushing data via the WiFi module mounted on the board. With that web connection you can do anything you want by catching and formatting the data.

beer-security

Beer Security System Keeps Freeloaders Out Of Your Stash

November 3, 2011 by 29 Comments

The crew at the Milwaukee Hackerspace are pretty serious about their beer. They used to have a fridge filled with cans, available to all at the hackerspace, but they decided to beef things up and create a secured beer dispensing system.

Like many others we have seen, their kegerator is built into an old refrigerator, complete with a tap built into the door. To ensure that interlopers are kept from their precious brew, they have secured the refrigerator using an Arduino and RFID tags to grant access. They use the same RFID key fobs members carry to gain access to the space for tracking beer consumption, unlocking the tap whenever a valid tag is swiped past the sensor.

They are still in the midst of tweaking and revising the system, but it looks good so far. It’s a great way to keep uninvited guests from their beer stash, while giving them a way to track consumption at the same time. We’re looking forward to seeing more details and code once things are completely wrapped up.

[via BuildLounge]

Security System Gives You A Call When It Senses Intruders

September 8, 2011 by 13 Comments

gsm_motion_detector_alarm_system

[Dimitris] decided to build a homemade alarm system, but instead of triggering a siren, sending an SMS message, or Tweeting about an intrusion, he preferred that his system call him when there was trouble afoot. He says that he preferred a call over text messaging because there are no charges associated with the call if the recipient does not pick up the line, which is not the case with SMS.

The system is based around an off the shelf motion detector that was hacked to work with an old mobile phone. The motion detector originally triggered a siren, but he stripped out the speaker and wired it to a bare bones Arduino board he constructed. The Arduino was in turn connected to the serial port of an unused Ericssson T10s mobile phone. This allows the Arduino to call his mobile phone whenever the motion detector senses movement.

The system looks to be quite useful, and while [Dimitris] didn’t include all of the code he used, he says others should be able to replicate his work without too much trouble.

Modular Security System Is Portable Too

May 5, 2011 by 11 Comments

diy_security_system

Hackaday reader [Oneironaut] wrote in to share a modular, portable security system he built for himself.

He likes visiting the Caribbean, but his favorite vacation spot is apparently rife with cat burglars. He enjoys sleeping with the windows open and wanted to find a way to scare off ne’er do wells. At home, there are a few different buildings on the property he owns, and he was looking to keep curious trespassers away.

The alarm system was built using a matrix keypad that interfaces with an ATMega88 micro controller. The micro controller handles all the logic for the system, triggering an attached “pocket alarm” when ever the sensor is tripped. Like most household alarms, it is armed and disarmed via the keypad, giving the user 60 seconds to enter the disarm code if the alarm has been mistakenly tripped. A wide array of trigger methods can be used, from mercury switches to motion detectors, since his alarm uses a simple plug interface that accepts any two-wire sensor.

Now, no one is claiming that this is high security by any means – the alarm addresses a couple of specific scenarios that apply to [Oneironaut], which may also be applicable to others out there. At the end of the day, the alarm is more meant to scare an intruder into fleeing than anything else, and in that respect, it works perfectly.

Continue reading to see a quick video demonstration of his alarm system in action.

Continue reading “Modular Security System Is Portable Too”