Warning: Internet Explorer is no longer supported by SimpliSafe and will produce unexpected behavior. Please use a more modern browser like Edge, Chrome, or Firefox for the full SimpliSafe experience.
×

Need help finding something?

Take this short quiz to find the right security system for you.

get recommendations
No thanks

Our Commitment to Your Security

On Wednesday, the consulting firm IOActive wrote a blog post about SimpliSafe, suggesting that a determined attacker could intercept a SimpliSafe wireless communication and use it to disarm the system. We’d like to clarify a few important points:

  • The hack described is sophisticated and highly unlikely. IOActive purchased specialized equipment and programmed a chip by writing custom code. Once programmed, the equipment would need to be within close proximity of the alarm system and in use the moment the system is disarmed by an authorized user.
  • We have not received any reports of anyone attempting this to attack on our system outside of a controlled testing environment.
  • We are also not aware of this happening to the systems of other major home security providers that use similar technology.

Nothing is more important to us than the security of our customers, and we take all potential vulnerabilities seriously. While we believe that the scenario described in the report is highly unlikely to occur, we are diverting engineering resources to investigate. In the meantime, we are not recommending any action on your part. However, if you are concerned, here are some steps you can take to optimize the security of your home:

  • Change your PIN code regularly. This is a good security practice regardless.
  • Monitor notifications of your alarm being disarmed for any unexpected activity.
  • Take note of any suspicious person or unidentified equipment located very near to your home as you come and go, as the concern raised requires close proximity.
  • If you have our Interactive plan, disarm your system with your smartphone or webapp, which bypasses this issue.

Of course, like all security systems, ours is not infallible. But we believe that SimpliSafe offers outstanding protection against real world problems, addressing the common ways that alarms are attacked. In designing our system, that’s what we’ve focused on preventing. For example:

  • 1 in 5 burglars cut alarm or telephone wires before breaking in. Our system uses a cellular connection that can’t be physically cut.
  • Burglars often smash keypads to try to prevent alarm signals from being sent. We separated the alarm signal from the keypad to mitigate this tactic.
  • Our monitoring service has six redundant monitoring centers to reduce the risk that local catastrophes might affect your coverage.
  • If an intruder disables your power or there is an outage, SimpliSafe’s battery backup is designed to continue to power your system.

The security of our systems is our top priority. We protect our own families with SimpliSafe. If you have any remaining concerns, we encourage you to give us a call (800-548-9508) and feel free to ask to speak to a supervisor.

One final note: we were not made aware of this issue until this week. IOActive tried to contact us via one of our employees on LinkedIn. To make it easier for security researchers to notify us going forward, we have set up a dedicated email address for them to reach us at: security@simplisafe.com.

I suspect they are also

I suspect they are also vulnerable to a record/replay hack. They may be lower powered and thus harder to record, but it is likely they also send a repetitive disarm signal.

FWIW, I read the article and

FWIW, I read the article and it was mentioned that one method took "hundreds of lines of C code" and the other, "dozens of lines of Python". Now, this trivializes just how sophisticated even a dozen lines of code can be, but the point I'm trying to make it that anyone employing this method likely isn't your average mindless thug looking to injure another human. I gotta tell ya, there are far easier, less detectable ways of achieving that than writing several hundred lines of code in one of the most difficult computer languages (if not THE most) out there.

That being said, I'm still feeling very safe against your typical night crawler. Now, If you are a high-profile individual and likely the target of someone with means and motivation, I suggest you pony up for something better, or even a little redundancy - a side arm and a German Shepherd. In the meantime, someone industrious enough to execute this definitely isn't out looking for their next fix without any regard for human life - they are probably gainfully employed in IT somewhere with better things to do.

What you say is true, however

What you say is true, however what you leave out is the fact that not every potential burglar has to develop an implementation to the vulnerability themselves. Just like with software vulnerabilities, once it's known, an attack tool needs to only be developed once, and then be published to the appropriate underground forum, etc. Hackers the world over then use it against their own circle of influence.

No different here, other than some apparently cheap hardware needs to be procured upon which to run the code, once it's published.

Disclaimer. I'm no engineer.

Disclaimer. I'm no engineer.

Could SS not design a keypad with severely limited range? Like 5 feet. You keep it beside your base station. You still have 30 seconds to get to it. And that's assuming you don't use the iPhone app to turn off the system.

Thoughts?

Disclaimer, I am an

Disclaimer, I am an engineer.

Why not a hardwired keypad? That would guarantee the "range" was whatever length the cord was, and eliminate the "recorded disarm" and any "non-encryption" hacks as well.

I think most people would opt for the convenience of the keypad at the entry/exit and sometimes "in the bedroom". If a new keypad is forthcoming, bigger keys spaced further apart, backlit keys, louder sounds and perhaps an "armed" LED would probably be more widely marketable.

This is my objective

This is my objective assesment as a security professional.

1. Vulnerability - The stream cipher used to transmit over the air pin permitting man in the middle replay attacks.
2. Exploit - Requires purchase of proprietary hardware, some coding. Also must be implemented from within signal range of the keypad.
3. Attack surface is small because of the proximity to keypad needed. However; over time the exploit will be repeatable and available for threat agents to purchase.
4. Risk - Assets exposed to risk include everything in your premises including your family, friends, pets.
5. Remediation - Simpli Safe has not come forward with a remediation plan for the vulnerability. Instead they have minimized the risk and documented measures that do not fix the vulnerability and that customers should already be using.

There is an upgrade offer for new keypad and base upgrade. The fix could and should be implemented with the new hardware upgrades. This will tell how committed Simpli Safe is to your safety and security...

I agree with your assessment,

I agree with your assessment, brian. But to the best of my knowledge, there is no offer for a new keypad and base upgrade. If there were such an offer and if the fix was implemented with the new hardware upgrades, I would indeed have a lot more confidence in SimpliSafe's commitment to my safety and security...

This is very concerning, and

This is very concerning, and I can find no indication that the problem is fixed. I will be researching other alarm systems.

A burglar doesn't have to actually know how to hack the system. It is likely someone with the know-how has built a small battery-powered device to do it, and is selling them right now. All a burglar has to do is put it into a pill bottle or other water-proof container, walk up to your house and throw it into your rain gutter or under a shrub (somewhere hidden), and wait a day or two. Then go back to your house when you're not home, and collect it. If the LED is lit up (meaning the PIN has been captured), hit a button, and they're in.

As for needing to be close to the house: a few years ago I lived on a hill overlooking the city. I bought a small Wifi dish antenna to play around with, and I could hit literally hundreds of Wifi APs as I scanned the dish over the city - some of them 3 or 4 miles away. Wifi systems broadcast with more power, but their signals are not as good at penetrating obstructions as 433 and 315Mhz are. I guarantee with the right antenna, I could easily hit your Simplisafe system from a block away.

The solution is to come up

The solution is to come up with a way to block the SS from being detected. The hardware could be self substaining.

This hacking issue should be

This hacking issue should be put to rest. I have requested in previous posts that those who believe it is easy to construct a device to hack SS should do so. So far, no takers. A person is more likely to be targeted if they post their life story as well as all they own on Facebook and other social media sites. Keep yourself private, don't brag, and don't advertise the security system you have. There is no way a burglar would build a device and target a certain individual unless he or she knew exactly what they were going to rob. If you brag about the rolex you are wearing or the diamond earings, bracelet and ring that you wife wears, then you will be robbed before you enter your house, as the burglar knows exactly where to find this stuff. So, there is no way a burglar is going to spend the time and money creating thousands of devices that he can stuff in a pill bottle and throw under a bush, as he himself may be under the bush waiting for you. Personally, I would prefer SS spend the time getting their camera working properly.

The solution is to come up

The solution is to come up with a way to block the SS from being detected. The hardware could be self substaining

How would you propose doing that, metyner97? (Visions of Chuck McGill dance in my head.)

In the final analysis, ericcox is right. The problem has not been fixed. Furthermore, it doesn't appear that this problem or any other problem like it CAN be fixed. And that's where I draw the line.

The headline in the article that appeared in Forbes Magazine on February 17, 2016 said SimpliSafe systems are "unfixable". How can a security system company that claims that the security of their security systems is their top priority let an allegation like that stand?

If Forbes is wrong, then I say SS should either prove it by fixing the vulnerability in its core security systems (the SS1 and the SS2) or challenging the findings of the article. So far to the best of my knowledge it has done neither. If Forbes is right and SimpliSafe core security systems are in fact "unfixable" as I suspect they are, then I say SS should tell its customers WHAT it intends to do about it and WHEN it intends to do it. Nothing less will satisfy me. YMMV.

And no, John. If the Forbes article is correct, I don't think getting its camera right should be more important to SimpliSafe than fixing its "unfixable" core security systems. Once again, YMMV. But I'm not interested in buying a dike with a hole in it.

I did say "personally", not

I did say "personally", not generally. As a user, I have no problem with the "unfixable" core security system.

That's why I said YMMV, John.

That's why I said YMMV, John. :-) You keep hugging the trees while I keep an eye on the forest. But while you're doing that, I'd invite you to ask yourself. How many more "unfixable" vulnerabilities would need to be discovered for you to say "this far and no further"?

Not that it matters to anyone

Not that it matters to anyone (at least me :-) I am personally not overly concerned with the hack and use SS2 daily, day in and day out, night after night, to protect my property and family.

bld522, we are all relieved

bld522, we are all relieved that you are looking out for us. I feel safer.

@Captain11, I feel the same as you do.

No, John. I'm only looking

No, John. I'm only looking out for those with the wisdom to see what's really going on here. Let's just say when it comes to SimpliSafe's apparent inability to fix vulnerabilities in its core security systems, I'm on the "design deficiency" side of the fence. And of course Captain11 feels the way he does. I'd have been blown away if he didn't feel that way.

You don't even own a system,

You don't even own a system, yet with your remarks, you are calling us all stupid. I guess it better than being weird.

No. I'm not calling ALL of

No. I'm not calling ALL of you stupid. As for me, I'm just waiting to see if it's possible for SS to give me what I need before I jump into the deep end. But I do agree with you about one thing. The further down the road I go with SS, the weirder it gets.

Anyway, good chatting. This

Anyway, good chatting. This stupid guy has to get back to running his million dollar plus business.

It's a pleasure as always,

It's a pleasure as always, John. And don't forget to take a branch or two with you. ;-)

PS: You see folks, some people can't let loose of the trees long enough to see the forest all around them. Those folks aren't stupid. They just see what they want to see. And John is right. The big difference between them and me is that I'm not currently a SimpliSafe customer and therefore, I don't have to make myself right about having bought a core security system that very likely can't be patched. I suspect that may actually give me an advantage by allowing me to be a bit more objective than folks who feel the need to defend their purchases. In any event, I will NEVER knowingly buy a core security system that can't be patched . . . period. Needless to say, I'm hoping the SS3 arrives before the camera gets out of beta. I'm guessing that's what it will take for SimpliSafe to "fix" its allegedly "unfixable" core security systems. But then I've been wrong before . . .

Never say "never". Are you

Never say "never". Are you saying that if "pre-roll", selectable motion activation, recording on request, pan and zoom, download to a standard video format file, multi-camera discount and integration with C.O.P.S with verified dispatch in under 5 minutes is available before a fixable base is, you won't dive in?

I don't have to be "right" about having SS. The base system works "for me" (so far). The hole(s) in the base system don't bother "me" (at this point in time). Maybe they'll fix it before that changes. Or maybe not.

As for the cameras, they don't yet do what I need, and the holes currently bother me. I have no problem not relying on them until that changes, although I wouldn't pay full price for them until they do.

Never say "never". Are you

Never say "never". Are you saying that if "pre-roll", selectable motion activation, recording on request, pan and zoom, download to a standard video format file, multi-camera discount and integration with C.O.P.S with verified dispatch in under 5 minutes is available before a fixable base is, you won't dive in?

Dream on, brother! :-)

Look, I understand that the current vulnerability will probably never amount to anything. That's not the point. You already know what the point is and I'm not going to repeat it again . . . at least not today. But to answer your question . . . No, I would NOT buy a SS system plus SS cameras even if the cameras did everything you said they could do for just one simple reason. An unfixable security system isn't secure in my opinion. And no amount of bells and whistles, features and benefits, or capacities and capabilities can make it secure until whatever made it unfixable is fixed. I really don't think that's a particularly difficult concept to grasp although some folks just can't seem to get it. Maybe it's because they don't want to. But I'd ask those folks to answer the following question and I'd challenge them to answer it honestly. If they had known going in that they were buying a security system that probably couldn't be patched for vulnerabilities and they didn't know in advance what those vulnerabilities were going to be, would they have purchased it anyway?

Ok, you are strong minded

Ok, you are strong minded enough to use "never". Few are.

There aren't many situations

There aren't many situations in life I'd apply that word to, seven. But sometimes I have to set a healthy boundary. And this is one of those times.

SS, I don't think you truly

SS,

I don't think you truly believe "Nothing is more important to us than the security of our customers" when you don't even engineer a very simple call into an existing multi-factor authentication library in order to give your customers confidence that adversaries won't disable our alarms via your Web UI. It's 2017, and MFA/2FA has been standard practice for a while now. Please stick to your word and actually make security most important to you (re-enforcing your own statement). Google Authenticator is free -- or allow for SMS, or use Duo, or any host of other options.

Thank you,
Ben

SS, Ben has you there. Dual

SS, Ben has you there. Dual authentication a no brainer. (not unlike the dozens of other suggestions you have received over the years to improve the site.

Are currently shipping SS

Are currently shipping SS systems still vulnerable to the PIN replay attack?

According to the Forbes article from a year ago "SimpliSafe spokesperson Melina Engel told FORBES that it was planning on releasing hardware with over-the-air firmware updates and that customers would be given a discount on those once they were available" -- did that hardware release happen?

Thanks, James

No, except for the new

No, except for the new camera.

An Amazon Echo Skill would

An Amazon Echo Skill would also eliminate this concern. "Alexa, Disarm Simplisafe" etc. Not sure if this has been mentioned previously. I haven't read the entire thread. As of yet, the Echo is not integrated with Simplisafe to my knowledge. A panic command would be pretty amazing as well. My 2 cents...I'm clearly not as knowledgeable on this security concern as others though I find it disconcerting and disappointing,

I honestly do NOT think the

I honestly do NOT think the risk is great. It is however a possible risk. Another reason I am pleased that I decided to go for layered security with Blink cameras. Twice the system, half the risk.

Ironic title for this post:

Ironic title for this post: "Our Commitment to Your Security".

@AnotherSSUser, sorry but you

@AnotherSSUser, sorry but you will have to explain. I don't see the irony.

The hack isn't that

The hack isn't that sophisticated. My 15 yo cousin could figure it out with a raspberry pi and a couple of components. Sounds like you are trying to brush off a huge issue to people who are not as knowledgeable...

XXXXXXXXX

XXXXXXXXX

"Mystery black box stumps

"Mystery black box stumps manufacturers and police".

No, it's not Simplisafe. Not yet:
https://www.youtube.com/watch?v=l7OadDz3Ums

Or the updated version, now

Or the updated version, now costing $22 each to make:
https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/

The point is once enough SS systems are out there, someone will turn the hack into a push button box.

--

Simplisafe as a company seems to have never gone through any sort of security audit.
There are SO many things that are not right. For example if I create a code for a housekeeper,
any they have access to the keypad, they can try about 30 codes a minute, to find master codes.
If someone steals my phone and guesses the unlock pattern, they just have to start the app and there is my ADDRESS of all things. So a person who just stole my PHONE has both my ADDRESS and a way to DISARM the alarm.

The list goes on and on.

Simplisafe is simple to use, but only sort of safe.

A new version has been

A new version has been submitted to the FCC; perhaps it will start fixing the weaknesses.

Someone can break into your

Someone can break into your house in about two seconds with a ram/hammer/rock. Yes your alarm will go off, and in most cities/towns, it would take several minutes or more for police/sheriff to arrive, or if they are even dispatched.
My point is that maybe SS or any other alarm has vulnerabilities, at the end of the day, if someone wants in, they will get in. There are far easier ways then some hack.

I would not worry too much about this issue. I do hope that it is resolved with SS3, I would not worry too much about it. In most cases, thieves enter either by smash and grab or by homeowners being sloppy with leaving doors open/unlocked.

Also, you should put a pass code on your phone. You can also put a pass code on the SS app. So now you have two ways to prevent someone access your account if your phone is stolen.

The list goes on and on how someone can get into your house. This flaw in SS is really the least of the ways.

Just sayin.

Has anyone received an update

Has anyone received an update on this ? Would really like to know if and when they plan to implement MFA.