Posts Tagged Premises Liability

The Security Risk of Wireless Alarm Systems: Lessons from Recent Detroit Burglaries

 

In recent years, technological advancements have brought about significant improvements in home security systems, making it easier than ever to protect our homes and loved ones. Wireless alarm systems, in particular, have gained popularity for their convenience and accessibility. However, as the saying goes, “with great power comes great responsibility.” Recent high-end burglaries in Detroit, specifically in Oakland County, have highlighted the security risks associated with wireless alarm systems. In this article, we will delve into these security concerns and explore the lessons we can learn from these unfortunate incidents.

The Detroit Burglaries: A Wake-Up Call

Since September of 2023, the city of Detroit has been rocked by a series of high-end burglaries that sent shockwaves through the community. Millions of dollars’ worth of valuables were stolen from homes across Oakland County, leaving homeowners shocked and law enforcement agencies scrambling to find answers. Two articles, one from ClickOnDetroit 1 and the other from Fox2Detroit 2, shed light on the situation, revealing that these heists were linked to a sophisticated Chilean crime ring.

While the details of these burglaries are indeed alarming, what’s equally unsettling is the fact that several of the targeted homes had wireless alarm systems in place. This raises a critical question: are these systems providing the level of security homeowners believe they are?

The Vulnerabilities of Wireless Alarm Systems

Wireless alarm systems have gained popularity because of their ease of installation, convenience, and scalability. However, they are not without their vulnerabilities, as the recent Detroit burglaries have shown. Here are some key security risks associated with wireless alarm systems:

  1. Signal Jamming: Wireless alarm systems rely on radio frequency signals to communicate between sensors and the control panel. Sophisticated burglars can use signal jammers to disrupt these signals, rendering the alarms useless.  These jammers are inexpensive and readily available, with a short learning curve on how to use them.  In some cases, just broadcasting with a small handheld radio on a specific frequency can disable a wireless door or window sensor.
  2. Hacking: In an era of interconnected devices, wireless alarm systems can be vulnerable to hacking attempts. Cybercriminals can gain access to your system and disarm it remotely, leaving your home exposed.
  3. Device Vulnerabilities: The devices themselves, such as door/window sensors and motion detectors, can be physically tampered with or disabled, making it easier for burglars to breach your home undetected.
  4. Limited Range: Wireless alarm systems typically have a limited range, making it essential to position sensors and repeaters strategically. If not done correctly, it can create blind spots that burglars can exploit.
  5. False Alarms: Wireless alarm systems are also prone to false alarms, which can lead to complacency on the part of homeowners or law enforcement agencies, potentially jeopardizing your home’s security.

Lessons Learned and Steps to Enhance Security

The recent Detroit burglaries serve as a stark reminder that even the most advanced security systems have their limitations. However, this doesn’t mean you should abandon wireless alarm systems altogether. Instead, consider the following steps to enhance your home’s security:

  1. Professional Installation: Opt for professional installation to ensure your wireless alarm system is set up correctly and securely.  Where possible, have sensors connected via hard wire, not wireless.  It may be more expensive initially, but is immune to signal jamming and the sensors don’t need battery replacements.
  2. Encryption: Choose a system with robust encryption to protect against hacking attempts.  Minimum encryption should be AES128 or better.
  3. Backup Power: Invest in a backup power supply to keep your system operational during power outages.  Backup power should last a minimum of 48-hours.
  4. Regular Updates: Keep your system’s firmware and software up to date to patch vulnerabilities.
  5. Supplement with Physical Security: Enhance your system with physical security measures like sturdy locks, reinforced doors, and security cameras.  Recorded video should be local to the camera (SD card) and a reliable video recorder on premises and/or in the cloud.
  6. Monitoring Services: Consider subscribing to a professional monitoring service that can alert authorities in case of an intrusion.  This is also beneficial for things like fire alarm monitoring, where they central station can dispatch the Fire Department to your house even if you’re not home.

Conclusion

Wireless alarm systems can be a valuable addition to your home security arsenal when used correctly and in conjunction with other security measures. However, it’s essential to be aware of their vulnerabilities and take steps to mitigate the risks. The recent high-end burglaries in Detroit remind us that staying informed and proactive about our home security is the key to protecting our homes and loved ones in an increasingly connected world.

As part of our services, Protective Resources performs dozens of Risk Assessments every year, sometimes for high-end executive residences of Fortune 500 corporations and other entities.    Many of these systems utilize wireless sensors or wireless internet connections for signaling or alarm notification.  While this is convenient, it opens up a potential attack surface for gaining entry to the premises.

References:

  1. “Millions of Dollars Lost in High-End Burglaries Across Oakland County” – ClickOnDetroit
  2. “High-End Michigan Burglaries Tied to Chilean Crime Ring Prompts Police Task Force” – Fox2Detroit

Posted in: Security Technology, Vulnerability Analysis

Leave a Comment (0) →

PINs Matter

scramblepad

Hirsch Scramblepad

When working with a client once, they asked us to help harden their biological research labs by recommending additional security measures they could install. We did an initial and very casual walkthrough with them of the labs and how they were used. They were particularly proud of the Hirsch Scramblepads they had installed for access controlled doors. For those unfamiliar with these, they are an ingenious type of PIN pad where the numbers change each time you begin to enter your PIN sequence. This way, someone cannot peek merely at where your fingers were and assume that if you were at the bottom right of the pad, it was a 9. Anyway, they were (and still are in some circles) the Cadillac of PIN pads for access control.

As we began interviewing some of the lab staff, we asked how well they liked the keypads and how they were used. Most responded that they felt the keypads worked very well and were kind of “Star Wars” like because of their technology. We soon learned however, that the PINs used were 4 digit pins, and that there were a couple of hundred people who had access to these labs. To make it worse, departmental policy was that the individual was allowed to select their own PIN.  Yikes.

So, I promptly walked up to a PIN pad, and entered “1234”.

“Click”.  The door opened.

Okay, “1379”.  “Click”.

Yep.  Hmmm, one more, “2468”.  “Click”.   Okay, I see the biggest problem…

The good news, is it was a cheap fix.  That doesn’t mean easy, it was just cheap.  The long term fix was to add card access with CARD+PIN readers to enhance security; but in the mean time, we just increased the number of digits in the PIN, and assigned the PINs to the staff instead of letting them pick their own.  That’s why it wasn’t easy.  Some of the staff complained because now they had to learn a new PIN, and sometimes they forgot it, locking themselves out of the lab until they could remember it or get it reset.   Memorizing a new number (don’t we have enough numbers, passwords, etc. to learn already?!) is not fun and shouldn’t be necessary just to get into work.

Reading this now, this all probably seems like common sense to you, and it is.  It’s just that sometimes common sense isn’t used in practical applications the way we would always expect.  Security is a hassle, an inconvenience.  So, someone decided to make it easier on people and let them pick their own PIN.   This is were Security Policy and Procedures come into play.  They should be developed, implemented, maintained, and tested.  Had a proper policy been conceived and applied to the issuance of access control PINs, our job wouldn’t have been so easy.

PINs Matter

Just like passwords, a weak PIN is worse than NO PIN at all, because it gives you a false sense of security when there really is none.  If you still use only PINs, pick unique PIN of at least 8 digits, and ensure that they are unique for each user.  But better still, couple a PIN with an additional level of access control such as card access or biometrics.  After all, two levels of security are always better than one.

 

 

Posted in: Access Control, Security Technology

Leave a Comment (0) →