Together with my colleague Matthias Deeg I’ve done some research on several (cheap) wireless alarm systems. We found that it is possible to disarm all systems by a simple replay attack. Such an attack can be easily carried out using a Software Defined Radio (SDR). The results of our research have been documented by “Plusminus”, a German TV show.
Update: There was huge feedback on the TV report. Manufacturers of alarm systems have been calling us because their customers want to know, if the alarm system they bought is secure. Together with the manufacturers we tested several more expensive systems. One of the systems is even used to secure museums with high value items. Turns out it is just as easy to disarm as the cheap ones. However, not all of the tested systems were prone to simple replay attacks.
- TV report by Plusminus (German only, sorry for the bad quality)
- Article on syss.de (German only, with links to security advisories)