Ironically, potentially the least secure portion of an integrated security and smart home system is not the smart home portion of the system, but rather the security portion.
According to Mike Hackett, senior vice president of sales and marketing for Qolsys, some of the proprietary protocols that manufacturers use between wireless sensors and the control panel are unencrypted.
Traditionally, this was not a major concern, he explains. “Ten years ago, it would take a really smart person with a really gigantic server” to “pull up to someone’s house,” listen in on communications between elements of the security system and determine how to gain entry to the system, Hackett observes.
In today’s world, however, he notes that “there’s a simple radio you can buy on eBay or Amazon” which, when combined with watching a video on YouTube, can give almost anyone the ability to crack into unencrypted security system communications.
Communication between individual elements of an alarm system can be fairly infrequent, but according to Hackett, a potential burglar could hide a sniffer device in a bush near a home targeted for a heist and return a week or so later to gain the necessary information.
Some security manufacturers — including Qolsys, Alula and others — are now encrypting wireless security system communications and some offer retrofit kits for existing systems that may lack encryption. Retrofit kits may enable security dealers to replace only the radio portion of the existing panel, Hackett explains. To minimize upgrade costs, dealers may consider only replacing particularly critical sensors such as wireless key fobs and door/window contacts, he notes.
Advising customers about options such as these could be an important task for security dealers, considering that a recent Parks Associate survey conducted for Qolsys found that 64 percent of professionally monitored security system owners believe their home security system uses encrypted communications from the sensors to the panel, even though the percentage likely is considerably lower.
“Proprietary protocols used in various security products have varied in the degree of protection they provided, from highly rigorous to much less so,” comments Brad Russell, Connected Home research director for Parks Associates.
Security dealers that are members of the Consumer Technology Association may find an interactive tool developed by CTA to be useful in gauging the cyber security of a smart home installation. The tool steps the dealer through a series of questions and, based on those answers, provides a score to indicate the cyber security level of the installation.