davey_d's profile
Community Admin

Community Admin

 • 

3.1K Messages

Thu, Aug 8, 2019 8:47 PM

Jam Detection Update

RF Jamming is a technical reality.  All devices that use wireless communications protocols can be jammed. The good news is, a) this is *not* a known attack vector for home security, because it's not a reliable way to enter and move about a home undetected, and b) we have a jam detection algorithm that is being constantly tuned and updated behind the scenes, which notices if someone is trying to jam your system and alerts you. More on that below:



A little tech talk:




First we'd like to highlight one of the most annoying issues in detecting jam attacks: False positives are a huge problem. Radio signal "noise' is everywhere and intermittent. So for some customers these alerts could become annoying -- and potentially harmful if they created the incorrect feeling that their system isn't working.  We are constantly tuning our detection algorithm to get better and better at differentiating between normal, ubiquitous RF interference and actual, concerning jamming activity without frustrating you with a barrage of nuisance alerts.



Second, jamming without being detected would be extremely difficult, as is clear in the Youtube video.  The jam detection was triggered several times by the tester. Our system's array of multiple sensors and cameras (layers of protection), wireless communications protocols and jam detection algorithm work together to make it very hard for anyone to interfere with your system undetected.



Here's why:

The jamming demonstrated is under controlled conditions, with the "jammer" in close proximity to the base station and the sensor which is transmitting. Our testing shows that moving the jammer to another area away from the base station and having the sensor closer to the base station, the sensor could still communicate with the base station. Also, if the jammer is tuned too close to our transmission frequency, as it moves closer to the base station, it will trigger the RF jamming warning. In other words, prior knowledge of the layout of our motion sensors, door sensors and base station in the customers home and a rehearsal of how to move about the home would be necessary to confidently select a frequency that will both jam and not be detected -- let alone on the first try. Plus they would have to keep the jamming interference in that range for the entire time needed to pull off a burglary, while continuing to avoid detection. It's not impossible...but we're continuously improving our system to make it increasingly impossible.



We frequently tune our detection parameters and release security and usability updates. We are in the process of another round of detection algorithm tuning which will continue to refine our ability to differentiate between the brief interference noise that typically occurs in many homes, and actual bad actors. This update has been in the works for a while -- it's currently in beta and will be released remotely in a month or so.



Also, SimpliSafe already offers video verification -- an opt-in service where, in the event of an alarm, our professional monitoring center views video from your home, prioritizing it for the police. This enhances police response times when real alarm events are in progress, and cuts down on false alarms and unnecessary police dispatches. In the near future, we will offer video verification for potential interference events, where experts at our monitoring center can review footage and determine if police dispatch is warranted.



Finally, a reminder (found in this CNET article):


"The most likely burglary scenario by far is the unsophisticated crime of opportunity, usually involving a broken window or some other kind of brute-force entry. According to the FBI, crimes like these accounted for more than half of all residential burglaries in the US in 2017. The wide majority of the rest were unlawful, unforced entries that resulted from something like a window or a garage door being left open. The odds of a criminal using technical means to bypass a security system are so small that the FBI doesn't even track those statistics.'


We are a company that focused on protecting you, which means we work on protecting you against even unlikely scenarios like this.

4 Messages

Il y a 3 y

Forgive my ignorance, but if the issue is the frequency that SS uses, couldn't they switch their systems to a different frequency? Or, have a rolling frequency?

I assume that is easier said than done, but I just thought I'd ask.

Advocate

 • 

2.2K Messages

Il y a 3 y

Different frequency would require new hardware, and be compromised exactly the same way the instant the new frequency was discovered.  By, you know, looking at the fcc filing.

Now a rolling frequency would probably do the job.  Of course, every single piece of equipment would have to cost at least 10 times as much.  And none of the existing hardware would work.  SS so enjoyed the last bout of non-compatibility, I'm sure they are eager to do that again.

1.3K Messages

Il y a 3 y

Frequency hopping/spread spectrum isn't immune either. Heck, mil spec systems can be jammed. It all boils down to how "hard" the system needs to be relative to the risk and value of the asset.

The more assurance you want the bigger the check you're going to need to write. What is the proper balance? Each has to determine that for themselves.

57 Messages

Il y a 3 y

So I know the SS3 system has jamming detection, but does the SS2 also have jamming detection? I ask because there's a new video of a guy completely bypassing an SS2 system and there are no jamming notifications. I'm very concerned if my home security system that I've spent probably $600 on can be completely useless with a $6 remote.

https://www.youtube.com/watch?v=uJddtl5HZD4

1.3K Messages

Il y a 3 y

Jamming is not your concern with SS2. SS2 sends the arm/disarm signals unencoded so someone could, in theory, intercept those codes and send them back to disarm your system

It was all a big whooptido years back when SS2 was the current system. But, just like this deal with SS3, I am unaware of any reports of this actually happening to someone outside of a YouTube video.

Point being, stop worrying.

57 Messages

I think one thing you're not taking into consideration is the fact that this flaw has only recently become known to the general public and has now made national news. It's going to soon be well known by many people including burglars. I think it would be FAR more likely that someone would attempt to bypass an alarm by a simple garage door opener available anywhere vs trying to intercept a code and then transmit that code back to the base station to disarm the system. In other words, this seems to be a much bigger deal in my opinion. Simplisafe is a big security company, if its easily defeated with a $6 remote then that's a major critical flaw that needs to be addressed. Jamming wireless signals may be unavoidable, but if Simplisafe is able to detect it and act upon it appropriately then I think that would take care of most peoples concern, myself included, as long as it could take action quickly. I've invested a lot in my home security and I take the safety of my family seriously as you do. I just don't want this to be something that's not taken seriously and swept under the rug. I did get a chuckle out of your "stop worrying" comment, I mean, this is a home security forum. What do you expect? LOL

3 Messages

Id like to see the answer for this as well, this is a issue and leaves me frustrated know what I spent on my system, hardwired is better and I wish I had gone that route now, my nest house will be built hardwired and landline as well with call backup, this SS system looses cell reception on a daily basis in my location

60 Messages

Even hard-wired systems can be bypassed, and sometimes even easier, or with a single point/less points of failure (like they said anything can be; just like any door can be knocked down).

1.3K Messages

Il y a 3 y

The thing is I'm not worried about it so, for me, it's "So what?". There are plenty of things to worry about in life that are many, many times more likely to occur.

Someone simply kicking in your door for a smash and grab is more likely, many times over, than someone knowing you have this system and actually successfully jamming your system.

Il y a 3 y

I ordered a $2.75 remote transmitter off ebay. It arrived today, and I tried it... It blocked the signal when I was by the sensor and then tripped the sensor.

No alarm.

Later on I did get an interference text and email. But that was at least 15 minutes later and only twice out of four jams. This was only a low power cheap transmitter. A more expensive, more powerful transmitters would be much more effective.

I've removed my simplisafe warning signs and replaced them with Brinks so as no not advertise my alarm system and it vulnerability.

Is this problem the same with all wireless alarms? Or is simplisafe more prone to this.

I did call tech support and she said she never heard of this vulnerability? I armed my alarm and she placed it in test mode and we went thru the sensors and i was able to defeat several sensors. However, it depends on how far away I was from the sensor. Again I believe this was due to the low power transmitter I purchased.

I think Simplisafe needs to address this and an update.
I've had the same results as scottricharddavis posted. Using a cheap and weak remote, I'm able to jam my system from outside my house. The base station will start chanting "wireless interference detected" I'm then able to enter without triggering entry sensors, and I've been able to walk past motion sensors without them triggering as well!

Contrary to what Captain11 says the transmitter does NOT have to be "directly on top or next to the sensor" to jam the system. And, just to stress, I'm able to do this with a very cheap and low powered transmitter.

Captain

 • 

4.7K Messages

Il y a 3 y

@ scottricharddavis_1 , I had different findings when I tested with my 6.99 remote from Amazon.  (Paid more to get it in one day via Prime I guess...)  I had to put the remote directly on top or next to the sensor to block the signal. If I pressed and held the button about a foot away, it did not block anything and the alarm went off.  I did this about 10 times on different parts of the house and the results were the same. Additionally, I follow the "layers of security approach" with entry sensors on three desk drawers and a few more on doors internal to the house. Add break, motion and entry sensors, my position is that there is not much to worry about, although I never had SS stickers, signs etc.

167 Messages

Il y a 3 y

According to Johnny M's post on SimpliSafe's blog an update will be coming in a month or so...

https://simplisafe.com/blog/jam-detection-update

1.3K Messages

Il y a 3 y

FYI/FWIW, the info in the blog link and first post of this thread are the same, word-for-word, best I could tell.

Advocate

 • 

638 Messages

Il y a 3 y

While I was not concerned before, my other lines of security defense were inoperable yesterday (I had to replace a key component in my main hardwired cameras).

To make matters worse, I noticed a strange individual parked directly in front of my home the day prior (I caught him walking in front of my residence appearing lost the day before). I was going to report it to police the second day I saw him, but while his vehicle was new, it had no plates on the front or back - not even dealership printed. Those two days, my Internet went down soon after (and my ISP confirmed there was no scheduled maintenance). I also woke to my alarm being off the day before yesterday when I check it nightly at the Keypad and by App before bed. I never go to sleep without doing so. But, I do not believe that fits the scope of these vulnerabilities, capabilities (or, instead, how it works).

I was under the impression that one of the other sensors would activate if you were to bypass an Entry Sensor (Motion, etc.), but now I am reading different accounts of this presumption.

Anyway, what a day to have my primary camera need a fix, and I had a necessary appointment. I returned home to find something moved in my home office (I arrange things very carefully - part OCD, part backup to know if anyone has entered without the security cameras or alarm).

All of the above makes me wonder if this thing is catching on. While I take precautions (i.e., not advertising the system, making the Base Station challenging to find, instant triggers, covering the SimpliSafe logos, etc.), the one thing I have always disliked is the Base Station's announcement - "SimpliSafe On, Home." I know I can silence it; however, it is advantageous to hear inside when arming and disarming the system, especially when I plan to remain on the first floor and not the second or third. I never thought one could hear it due to the Base location. However, I just went outside, armed the system, and could listen to the announcement - with my window closed.

A stretch or paranoia, possibly, but I do know someone was in my office yesterday during the time I was gone. Something I never go near (purposely, it is the fail-safe), but appears to be of importance was moved.

Now, on to look through 4 hours of footage of my other cameras to see if they captured anything. I am still not overly worried, but until this is resolved (if ever), I will make sure to have someone present if my cameras are ever down again.

221 Messages

Il y a 3 y

Debunking Simplisafe's claims:
https://www.youtube.com/watch?v=uJddtl5HZD4

(Not my video.)

57 Messages

Il y a 3 y

I ordered and had delivered a cheap remote yesterday and I too was able to defeat SS3. Some things I noticed, if I was further from the base station and held the button on the remote while tripping a sensor the alarm would still go off. However, if I'm in the same room (living room) of the base station where I have several doors and windows I am able to defeat some of the sensors just by holding the button on the garage remote. The base station would only do the "wireless interface detected' voice prompt if I got within a couple feet of the base station. I got notifications and texts on my phone when the interference was detected but it would do me little good with my phone on silent at night. The front door I could jam about half the time but the rear patio door I could jam every time which is disappointing. I wish the system had thresholds where you could adjust how sensitive the interference detection is like low, medium or high. That way SimpliSafe doesn't have to find the perfect sensitivity, they can leave it up to the customer. Also, I like how the Nest Secure triggers the alarm when the interference is detected. I think it would be great if we could control the sensitivity and also have the option to turn on or off the siren when interference is detected. I for example, would like more sensitivity since I was able to completely jam the patio door sensor without the base station detecting the interference. I think these tweaks would alleviate much of the concern.

15 Messages

So what does this tell you? You test indicates you need to be very close to the base station in order to jam it. In real life can a potential burglar get that close? If so, then move the base station further away. Mine is in a 2nd floor room and it's impossible to get any where near it from outside the house. The reality is All wireless systems can be defeated in this manor. But as you say, maybe SimpliSafe can fine tune or give the user a sensitivity control and the alarm control when interference is a good idea. Maybe instead of alarm full on, it chirps?

Advocate

 • 

2.8K Messages

Il y a 3 y

Shiherlis, have you considered asking your PD to patrol your home area?

Were you able to find anything on your cameras? (would understand if you cannot answer for privacy reasons).

I hope you've ruled out anyone you know/trust who knows you have SS.  Otherwise, if you've prior taken steps to not advertise signs, etc, how would someone know you have SS?

Advocate

 • 

2.8K Messages

Il y a 3 y

That video (thanks, simplistuckon) seems to confirm the answer to a user who just asked a day or two ago, if SS2 could be jammed (as we already know that SS3 can be). The gentleman in the video tested with his SS2 system.  So, even if SS came out with a software update, SS2 users are out of luck.