How to spoof a burglar alarm

By Muthoga Kioni

Last week we briefly outlined a packet radio service Denial of Service (DoS) attack on a burglar alarm. We mentioned that by intercepting and re-conveying radio packets, you can set off several random alarms. Today we shall continue examining another burglar alarm breach.

Alarms have slowly become ubiquitous in our lives. They are used to monitor temperatures in supermarket freezers and can be found in everyday devices such as mobile phones and kitchen appliances. Burglar alarms are, however, more conspicuous and are used to protect homes, offices and sensitive premises like computer rooms. These alarms have evolved into digital systems and are increasingly becoming targets of hackers.

An example of this sophistication can be found in modern sophisticated alarms that have a fibre optic cable that you can loop around a protected object. If the cable is stretched or relaxed by less than a thousandth of a millimetre, the alarm is triggered. Apart from a DoS breach, another burglar alarm attack method that is derived from computing is spoofing. This is an attempt to gain access to a system by posing as an authorised user. It is synonymous with impersonating, masquerading or mimicking.

Social engineering

By pretending to be from the security company that handles the alarm system, a hacker would be able to obtain the serial number on the alarm control unit. This number is usually the cryptographic key that secures the unit’s communications.

With this number he/she can reprogramme a similar unit into a functionally identical one. It is then attached to the external cable of the legitimate system to ensure a continuous "all’s well" signal even when it isn’t. These substitute bogus control units are known as "black boxes" in the industry.

This modus operandi shares the same concept with computer spoofing. It is obvious that computers and alarm communication systems have merged. This has resulted in computer hacking techniques being used to attack burglar alarm systems.

Burglar alarm systems have not been the focus of ICT security professionals in the recent past. This area can no longer be ignored. It is, therefore, essential for these professionals to spend time understanding intruder alarm vulnerabilities due to their similarities with computer based intrusions.

—The writer (bmuthoga@hotmail.com) is an ICT Security and Forensic Specialist.