Our Commitment to Your Security
On Wednesday, the consulting firm IOActive wrote a blog post about SimpliSafe, suggesting that a determined attacker could intercept a SimpliSafe wireless communication and use it to disarm the system. We’d like to clarify a few important points:
- The hack described is sophisticated and highly unlikely. IOActive purchased specialized equipment and programmed a chip by writing custom code. Once programmed, the equipment would need to be within close proximity of the alarm system and in use the moment the system is disarmed by an authorized user.
- We have not received any reports of anyone attempting this to attack on our system outside of a controlled testing environment.
- We are also not aware of this happening to the systems of other major home security providers that use similar technology.
Nothing is more important to us than the security of our customers, and we take all potential vulnerabilities seriously. While we believe that the scenario described in the report is highly unlikely to occur, we are diverting engineering resources to investigate. In the meantime, we are not recommending any action on your part. However, if you are concerned, here are some steps you can take to optimize the security of your home:
- Change your PIN code regularly. This is a good security practice regardless.
- Monitor notifications of your alarm being disarmed for any unexpected activity.
- Take note of any suspicious person or unidentified equipment located very near to your home as you come and go, as the concern raised requires close proximity.
- If you have our Interactive plan, disarm your system with your smartphone or webapp, which bypasses this issue.
Of course, like all security systems, ours is not infallible. But we believe that SimpliSafe offers outstanding protection against real world problems, addressing the common ways that alarms are attacked. In designing our system, that’s what we’ve focused on preventing. For example:
- 1 in 5 burglars cut alarm or telephone wires before breaking in. Our system uses a cellular connection that can’t be physically cut.
- Burglars often smash keypads to try to prevent alarm signals from being sent. We separated the alarm signal from the keypad to mitigate this tactic.
- Our monitoring service has six redundant monitoring centers to reduce the risk that local catastrophes might affect your coverage.
- If an intruder disables your power or there is an outage, SimpliSafe’s battery backup is designed to continue to power your system.
The security of our systems is our top priority. We protect our own families with SimpliSafe. If you have any remaining concerns, we encourage you to give us a call (800-548-9508) and feel free to ask to speak to a supervisor.
One final note: we were not made aware of this issue until this week. IOActive tried to contact us via one of our employees on LinkedIn. To make it easier for security researchers to notify us going forward, we have set up a dedicated email address for them to reach us at: firstname.lastname@example.org.