Components of a SimpliSafe home security system
Photo: SimpliSafe

A video published on YouTube this week demonstrates how a potential thief could defeat the SimpliSafe wireless home security system—and serves as a cautionary reminder for consumers about the reality of wireless systems.

“Because these systems rely on wireless signals, there's always the possibility that they could be hacked,” says Justin Brookman, director of consumer privacy and technology policy for CR. And that's true of any internet-connected device, including other security products. For instance, researchers have discovered vulnerabilities in a number of smart lock systems in recent years.

“Safe, secure, efficient, wireless communication isn’t simple,” says Robert Richter, who leads security and privacy testing for Consumer Reports. “This has been shown to be a problem with Internet of Things devices in general.” 

How SimpliSafe’s System Was Defeated

Using a cheap wireless remote available on Amazon, a YouTuber who goes by the handle LockPickingLawyer was able to jam the signal from a SimpliSafe door sensor. With the signal suppressed, he could separate the two halves of the sensor undetected by the system’s base station—simulating a door opening without sounding the alarm. LockPickingLawyer notes that, during his experimentation, the system did sometimes send him a push notification that interference was detected. 

More on Home Security

SimpliSafe released a statement refuting the claims made in the video, noting that its system is designed to detect this kind of interference.

The company states that “prior knowledge of the layout of the motion sensors, door sensors and base station in the [customer’s] home and a rehearsal of how to move about the home would be necessary to confidently select a strength that will both jam and not be detected.”

In an additional statement, SimpliSafe says it’s planning to release an update to further protect against this kind of vulnerability and that “this update is currently in beta and will be released remotely in a month or so.”

Consumer Reports recently evaluated 10 DIY wireless home security systems, including SimpliSafe, for their security and smart home features, motion detection, ease of setup, ease of use, and video quality of add-on security cameras. All of the DIY systems we rate run on wireless frequencies that the Federal Communications Commission discloses in public filings, which are available on the internet.

We plan to investigate the potential vulnerabilities related to signal jamming in our labs.

Experts Weigh In

We asked experts from CR and the home security industry at large to weigh in on the issue. Henry Parra, a CR test engineer for consumer electronics, says SimpliSafe’s response is valid.

“SimpliSafe is correct in saying that a person looking to bypass the system will need to have prior knowledge of system setup,” says Parra. “If the transmitter is too powerful, the interference may be detected by the base station, and the power level required to jam the signal depends on where the base station is located.”

Parra adds that a low-power transmitter—like the one used in the LockPickingLawyer’s video—may or may not work in real-world situations with various materials in doors, windows, walls, and floors, as well as varying distances between the sensors and the base station.

And there's no real way around the wireless technology. According to Kirk MacDowell, president of home security consulting firm MacGuard Security Advisors, most home security systems today—both professionally-installed and do-it-yourself—make use of wireless devices. They’re easier and faster to install and don’t require drilling holes to run wiring.

He says that the industry has begun to make changes to prevent this kind of attack.

“The alarm industry has responded with 128-bit encrypted sensors with frequency hopping, making jamming less of an issue,” MacDowell says. “And most professional alarm dealers are using this technology.”

Frequency hopping is just what it sounds like—a sensor changes the frequency it uses to broadcast its signal, hopping from one to the next in an effort to avoid potential interference. According to FCC filings, the SimpliSafe security system uses only one frequency for its sensors. With that information, all you need is a transmitter that emits the same frequency to attempt to jam it.

We also looked up filings for competing systems. For example, the FCC filings of the Scout Alarm security system note that it uses a frequency range. But based on these filings, we don’t know if Scout Alarm’s system (and the other systems CR rates) employ frequency hopping. We are reaching out to the manufacturers of each system we rate to find out. So far, only one brand responded with specifics: Ooma told CR their security system “provides encryption and frequency hopping for communication between the base station and the sensors.” 

The Reality of Home Burglaries

As concerning as jamming might seem, most burglars won’t use this method to break into your home. The majority are decidedly low-tech.

“Most burglars will simply gain entry by a door or window and not try to electronically circumvent the alarm system,” says MacDowell. In fact, the most common method of entry in a burglary is forcible entry, such as kicking in a door, a method used in 57.5 percent of burglaries in 2017, according to the FBI.

In his YouTube video, the LockPickingLawyer warns against displaying the yard sign that comes with your system, arguing that it informs would-be burglars which system you own, along with any known weaknesses. But that may not be a good idea.

For starters, some municipalities require you to display a sign that an alarm is present on the property. And a sign from an alarm company may be enough to convince a would-be thief to move along to a house without one.

“You could always use a generic security system sign,” says Bernie Deitrick, CR’s test engineer for home security products. “That way you can still deter a potential burglar without revealing which system you use.”