Your home is insecure: Practical attacks on wireless home alarm systems

Tao Li; Dianqi Han; Jiawei Li; Ang Li; Yan Zhang; Rui Zhang; Yanchao Zhang

doi:10.1109/INFOCOM42981.2021.9488873

Your home is insecure: Practical attacks on wireless home alarm systems

Tao Li, Dianqi Han, Jiawei Li, Ang Li, Yan Zhang, Rui Zhang, Yanchao Zhang

Engineering, Ira A. Fulton Schools of (IAFSE)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Wireless home alarm systems are being widely deployed, but their security has not been well studied. Existing attacks on wireless home alarm systems exploit the vulnerabilities of networking protocols while neglecting the problems arising from the physical component of IoT devices. In this paper, we present new event-eliminating and event-spoofing attacks on commercial wireless home alarm systems by interfering with the reed switch in almost all COTS alarm sensors. In both attacks, the external adversary uses his own magnet to control the state of the reed switch in order to either eliminate legitimate alarms or spoof false alarms. We also present a new battery-depletion attack with programmable electromagnets to deplete the alarm sensor's battery quickly and stealthily in hours which is expected to last a few years. The efficacy of our attacks is confirmed by detailed experiments on a representative Ring alarm system.

Original language	English (US)
Title of host publication	INFOCOM 2021 - IEEE Conference on Computer Communications
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9780738112817
DOIs	https://doi.org/10.1109/INFOCOM42981.2021.9488873
State	Published - May 10 2021
Event	40th IEEE Conference on Computer Communications, INFOCOM 2021 - Vancouver, Canada Duration: May 10 2021 → May 13 2021

Publication series

Name	Proceedings - IEEE INFOCOM
Volume	2021-May
ISSN (Print)	0743-166X

Conference

Conference	40th IEEE Conference on Computer Communications, INFOCOM 2021
Country/Territory	Canada
City	Vancouver
Period	5/10/21 → 5/13/21

ASJC Scopus subject areas

Computer Science(all)
Electrical and Electronic Engineering

Access to Document

10.1109/INFOCOM42981.2021.9488873

Cite this

Your home is insecure : Practical attacks on wireless home alarm systems. / Li, Tao; Han, Dianqi; Li, Jiawei; Li, Ang; Zhang, Yan; Zhang, Rui; Zhang, Yanchao.

INFOCOM 2021 - IEEE Conference on Computer Communications. Institute of Electrical and Electronics Engineers Inc., 2021. 9488873 (Proceedings - IEEE INFOCOM; Vol. 2021-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, T, Han, D, Li, J, Li, A, Zhang, Y, Zhang, R & Zhang, Y 2021, Your home is insecure: Practical attacks on wireless home alarm systems. in INFOCOM 2021 - IEEE Conference on Computer Communications., 9488873, Proceedings - IEEE INFOCOM, vol. 2021-May, Institute of Electrical and Electronics Engineers Inc., 40th IEEE Conference on Computer Communications, INFOCOM 2021, Vancouver, Canada, 5/10/21. https://doi.org/10.1109/INFOCOM42981.2021.9488873

@inproceedings{9739cb38004c486c94ab8459460b0db6,

title = "Your home is insecure: Practical attacks on wireless home alarm systems",

abstract = "Wireless home alarm systems are being widely deployed, but their security has not been well studied. Existing attacks on wireless home alarm systems exploit the vulnerabilities of networking protocols while neglecting the problems arising from the physical component of IoT devices. In this paper, we present new event-eliminating and event-spoofing attacks on commercial wireless home alarm systems by interfering with the reed switch in almost all COTS alarm sensors. In both attacks, the external adversary uses his own magnet to control the state of the reed switch in order to either eliminate legitimate alarms or spoof false alarms. We also present a new battery-depletion attack with programmable electromagnets to deplete the alarm sensor's battery quickly and stealthily in hours which is expected to last a few years. The efficacy of our attacks is confirmed by detailed experiments on a representative Ring alarm system.",

author = "Tao Li and Dianqi Han and Jiawei Li and Ang Li and Yan Zhang and Rui Zhang and Yanchao Zhang",

note = "Funding Information: XI. ACKNOWLEDGEMENT This work was supported in part by the US National Science Foundation under grants CNS-1933069, CNS-1824355, CNS-1619251, CNS-1933047, CNS-1718078, and CNS-1651954 (CAREER). Publisher Copyright: {\textcopyright} 2021 IEEE.; 40th IEEE Conference on Computer Communications, INFOCOM 2021 ; Conference date: 10-05-2021 Through 13-05-2021",

year = "2021",

month = may,

day = "10",

doi = "10.1109/INFOCOM42981.2021.9488873",

language = "English (US)",

series = "Proceedings - IEEE INFOCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "INFOCOM 2021 - IEEE Conference on Computer Communications",

}

TY - GEN

T1 - Your home is insecure

T2 - 40th IEEE Conference on Computer Communications, INFOCOM 2021

AU - Li, Tao

AU - Han, Dianqi

AU - Li, Jiawei

AU - Li, Ang

AU - Zhang, Yan

AU - Zhang, Rui

AU - Zhang, Yanchao

N1 - Funding Information: XI. ACKNOWLEDGEMENT This work was supported in part by the US National Science Foundation under grants CNS-1933069, CNS-1824355, CNS-1619251, CNS-1933047, CNS-1718078, and CNS-1651954 (CAREER). Publisher Copyright: © 2021 IEEE.

PY - 2021/5/10

Y1 - 2021/5/10

N2 - Wireless home alarm systems are being widely deployed, but their security has not been well studied. Existing attacks on wireless home alarm systems exploit the vulnerabilities of networking protocols while neglecting the problems arising from the physical component of IoT devices. In this paper, we present new event-eliminating and event-spoofing attacks on commercial wireless home alarm systems by interfering with the reed switch in almost all COTS alarm sensors. In both attacks, the external adversary uses his own magnet to control the state of the reed switch in order to either eliminate legitimate alarms or spoof false alarms. We also present a new battery-depletion attack with programmable electromagnets to deplete the alarm sensor's battery quickly and stealthily in hours which is expected to last a few years. The efficacy of our attacks is confirmed by detailed experiments on a representative Ring alarm system.

AB - Wireless home alarm systems are being widely deployed, but their security has not been well studied. Existing attacks on wireless home alarm systems exploit the vulnerabilities of networking protocols while neglecting the problems arising from the physical component of IoT devices. In this paper, we present new event-eliminating and event-spoofing attacks on commercial wireless home alarm systems by interfering with the reed switch in almost all COTS alarm sensors. In both attacks, the external adversary uses his own magnet to control the state of the reed switch in order to either eliminate legitimate alarms or spoof false alarms. We also present a new battery-depletion attack with programmable electromagnets to deplete the alarm sensor's battery quickly and stealthily in hours which is expected to last a few years. The efficacy of our attacks is confirmed by detailed experiments on a representative Ring alarm system.

UR - http://www.scopus.com/inward/record.url?scp=85111925872&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85111925872&partnerID=8YFLogxK

U2 - 10.1109/INFOCOM42981.2021.9488873

DO - 10.1109/INFOCOM42981.2021.9488873

M3 - Conference contribution

AN - SCOPUS:85111925872

T3 - Proceedings - IEEE INFOCOM

BT - INFOCOM 2021 - IEEE Conference on Computer Communications

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 10 May 2021 through 13 May 2021

ER -

Your home is insecure: Practical attacks on wireless home alarm systems

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this