So just like with computer security, I'm a fan of both passive and active security for my home.
Their website is straight out of 1990, but Burglargard is a bullet resistant effectively smash-proof invisible coating that can be applied to all windows in your home:
http://www.burglargard.com
The nice thing about it is that if you have them install it, it comes with a lifetime no yellow, no peel, full replacement warranty. If you opt to install it yourself, it is much cheaper (Approximately $1 per sq foot), but no warranty, so not as useful.
Also, make sure to get 6" or longer screws to put into external door frames. It ensures the frame is anchored to studs and makes ripping it out via a typical kick the door in attack much more difficult. Stuff like the haven lock (http://www.havenlock.com) also really helps make it more difficult to kick in the door.
Note that these things make a break-in demonstrably more difficult, but they won't prevent it. I see an alarm system as a more passive security device, much like an intrusion detection system. "Hey someone broke in" means someone still broke in. I'm more of a fan of trying to make the act of breaking in in addition to ensuring I have a decent idea if someone does.
Defense in depth doesn't just apply to computers, it is a way of thinking :)
Burglargard looks pretty cool. But I'd definitely have to re-evaluate fire exits before I installed, the last thing I'd want is for the entire family to burn to death because I was trying to save a few thousand dollars in property which is insured and replaceable.
Door frames and window frames are a common source of intrusion, but if your frames are made out of wood then I don't know if the 6" screws are going to save you, the wood is often a source of failure rather than coming unscrewed. It just splinters away.
As to Havenlock: many back doors are slide, and can be bounced out of their runs. It might help on the few which are swing doors rather than slide (at least around here). I think the whole app thing is kind of dumb, it is just a wedge, and still requires drilling into the floor.
<quote>Burglargard looks pretty cool. But I'd definitely have to re-evaluate fire exits before I installed, the last thing I'd want is for the entire family to burn to death because I was trying to save a few thousand dollars in property which is insured and replaceable.</quote>
If your fire exit strategy currently relies on the ability to break a window, you've already failed at fire safety. You need to be able to OPEN a fire exit in an emergency, not MAKE one...
The basic rule is that, besides the entry door, there has to be one other exit that opens to the outside, which can be another door, but is usually a window. There are size rules for the window.
The window is intended not just for entry of firefighters, but also for unassisted exit.
In some older apartment buildings (eg, Portland, OR), the fire egress plan involves other residents being able to break into your apartment and exit using your external fire escape.
In these buildings, you'll see an apartment on each floor with a glass window in their door, and a heavy object hanging from a chain next to it. (It's a fun puzzle for guests -- "See that bolt hanging from the chain? See the adjustable crescent wrench on the next floor? How does that work?")
Wow, that's messed up. Might as well have a big "burglary decoy" sign above that door too. Something makes me think letting agents have trouble getting the same price for that flat...
Well I think that swelling only will occur when the moisture goes up. Also I think in newer homes the windows are more fire resistance and are a lot harder to break. But I do think that if it comes to that, than do it or do what ever you have to, to get out.
Mine are significantly harder to open in the fall when temps are around 50F versus the summer when temps average 75F. Older windows are probably more prone than brand new ones.
I do some work in personal protection inside and outside of the home and there are really quite a few simple things you can do to better protect your home from a break in or home invasion.
First, make sure you have a solid wood or metal door with a deadbolt. Second, reinforce all exterior door frames with door jamb armor, a large metal plate that covers your door jamb and 3 1/2 in screws that secure it into the frame. [1]
There's quite a few other window security films on the market. 3M is probably one of the best. [2]
You'll want to look into securing your glass to the window frame so it doesn't just pop the glass out in one piece. Some windows make that easy to happen and some secure the glass in pretty well. 3M has a few attachment systems that hold the glass in the frame. One easy option is a silicone sealant called Dow Corning 995. It's an incredibly strong silicone that bonds the security film to the window frame. [3]
And finally get a gun and learn how to use it. You can tell me how much you hate guns but when a insane machete-wielding man kicks in your front door, a phone in your hand dialing 911 is not going to stop him in time: https://www.youtube.com/watch?v=5bsAMSQ13bY
For me? Not often. But home invasions are not uncommon throughout the world. I like to be prepared for events that may not happen everyday but have a high potential to be deadly if they do happen. Same reason you probably have a fire extinguisher in your house. How often does your house catch fire?
Given machete-bearing lunatics are far less likely than depressed teenagers, perhaps your cost/benefit analysis on being prepared is lacking a few variables.
That's a pretty week study. Results indicated that gun ownership had a weak (odds ratio = 1.36) and unstable relationship with homicidal behavior: http://www.guncite.com/Kleck-Hogan.html
And the CDC disagrees with that assessment. Even as gun ownership is on the rise [1], and more people than ever are carrying concealed firearms, the number of people (raw number, mind you) accidentally killed with firearms each year continues to drop. The accident rate shows an even more marked decline. [2]
There are, according to the CDC, 308 million people in the United States. That’s 308,745,538. Of those 308 million people, only 600 were accidentally killed with a firearm. That’s a 0.000194% chance that you will be accidentally killed with a gun in any given year. According to the National Safety Council, over 12,000 people die every year simply by falling down.
But, our difference in opinions doesn't really matter here so, good luck to you. There are sheep, there are wolves and there are sheep dogs.
We're talking about the organization that was forbidden from spending money on firearms injury research, right?
> That’s 308,745,538. Of those 308 million people, only 600 were accidentally killed with a firearm.
Ah, clever. Take a discussion of homicide/suicide and start presenting stats on accidental deaths as if it were at all relevant.
To return to the actual point, if you have a gun in the house, it's far more likely to be used by your kid to kill themselves as you are to be confronted by a machete wielding lunatic. On a non-anedoctal level, the stats just don't work.
Your second link has nothing to do with accidental deaths, but rather with violent crime. Heck, if violent crime is dropping, that's an argument against the necessity of gun ownership. Did you paste the wrong url?
Also, this:
> There are sheep, there are wolves and there are sheep dogs.
And literally all of this won't help if you leave your house and leave a door unlocked, which is the far more likely scenario - the one time we got robbed, that was exactly what happened.
Had we not left the door unlocked, chances are people wouldn't have tried a daylight robbery.
Reasonable security measures are also an important part of computing.
This. Having an accurate threat model is very important. I was robbed once before I had a security system. Someone attempted to rob me after I had a security system, but was scared away. After I installed cameras, nobody ever tried to rob my house.
Frankly my threat model was drug addicts looking for a quick score and/or neighborhood kids up to no good. My security system had many flaws, but my threat model doesn't include a sophisticated attacker with a 1k-4k piece of jamming equipment.
How well does Burglargard hold up at the edge of the window? Sure, I can imagine it would slow down even a burglar who knows it's there, but a few hits at the edge of the window seems like it would let the burglar peel the glass (held together by the film) away from the frame?
It is definitely a possibility that your glass will pop out of the frame depending on the type of window and frame. There are a lot of other security window laminates other than burglargard. 3M makes a "safety and security film" that is the same thing and they offer a few different frame reinforcement options. One option commonly used is a silicone caulk that adheres the film to the frame to prevent the glass from being forced out in one piece.
What isn't clear from the article is if the wireless channels were encrypted or not. Right now they're just using brute force to flood the channel which is going to cut off the panel from the sensor(s) regardless.
I cannot see an easy way to mitigate this. Even if it has anti-jam it is going to just shift the frequencies which you could also likely jam. I guess the panel could increase its output power to try and compensate, but all that does is increase the equipment cost of an attacker, not really stop it completely.
So I guess the main take-away from this is to go wired, not wireless for security system installs. However it is unclear if security systems really do much of anything anyway (as police often ignore home alarm calls as they're more often than not false alarms).
You're better off just spending the money on higher fencing with trellis skirting, motion flood lighting, and fake signs that say "protected by FakeCo Security." It won't cost you $30/month for the rest of your natural life and offers the same deterrent.
Most smash & grabs are 10 minute affairs. Some robbers will happily continue to rob with an alarm going off, since they know the response time won't be close to 10 minutes.
On the first page of the class action, "ADT's wireless signals are unencrypted and unauthenticated,
and can easily be intercepted and interfered with by unauthorized third parties"
I think rolling your own ZigBee security system is more safe (and cheaper).
I prefer Insteon, which is wireless like Zigbee, but more jam resistant as it also operates over the power lines in your home to form a mesh. Even if the wireless access is blocked, much of the devices can be directly plugged in, and as a result, would still send critical security events to the controller.
If someone is jamming your power lines AND rf / wireless, you're under a full on assault. You're unlikely to defend against someone invested that much in breaching your home easily.
Although a Springfield Armory XD45 makes a wonderful backup :)
Or just cut the power to the home, arguably just as easy no? I think if your being targeted like that then you probably have bigger issues to deal with though...
No, because they send modulated signals over the copper power cables. Therefor, if they had their own backup power and were operating over the powerlines, they would work.
Or in the building I'm currently living in, the IR motion sensors are powered by cylindrical lithium batteries of roughly the same volume that have an observed lifetime in service of perhaps a dozen years before needing replacement.
While I think this sort of research is useful- I dont think this is anything that will affect people in real life. This is more the makings of a plot from the movie "Taken". If someone wants to rob your house, they will break in and probably be in and out before police can respond. A thief isnt going to jam your alarm systems radio and pull some elaborate hack to steal your laptop or flat screen tv.
People said the exact same thing about RF car fobs years ago. It is only a matter of time before the technology comes down in price and the software for doing this type of thing becomes more common. Never say never.
Cars are laughably insecure by computing standards, but yet stolen cars are at a low (when you adjust for total cars). They're also targeting pre-digital cars still on the road, if you look at the DMV's "top stolen cars" list, they're almost all 1990s cars or older.
You read a few stories about the "Russian maffia" having key fobs which can unlock modern cars, but these are few and far between. Even the more common ODB-II port key reset method is fairly rare, but gets heavily reported when it does occur.
So I'm going to use the same example, but use that example as evidence that this won't become common: just like cars, and garage door openers.
They might be willing to invest the time and money to become proficient at this attack, if they believe they'll be able to use it on several high-value heists -- think jewelry shops or museums, if you knock over a handful of those without causing a fuss you could make many times your investment.
Well I think there's a lot more places that someone would do something like this. Like a country club that is full of valuables could be a big target, especially if there are a lot of trophies or sports equipment.
Is it worth trying to foil this attack? My understanding from talking to alarm installers is that wired alarms, which are more common, are trivially defeated by burglars, and that really the point of having an alarm is simply to avoid being the only person on your block that doesn't have one.
To defend alarm systems a bit here, not all burglars are that sophisticated (so it's not trivial). As a teenager I came home from school after a break-in and the novice burglars had scurried off on account of the alarm system and had barely taken a thing.
True in part, but that didn't stop these thieves from smashing the window and stealing a little bit of stuff before running away in fear (we had prominent signs). An actual working alarm helps, but I suspect the signs do most of the legwork.
Fortunately the thieves got caught and were forced to pay compensation years later.
I think if the alarm isn't able to communicate (through wired means or otherwise) with its sensors or its back end for a suitable period of time, it should be functionally equivalent to detecting a break in. That is; the alarm should sound, and the alarm company should call the cops (it'd have to be pretty difficult to accidentally lose contact, however.)
The entire point of an alarm is it goes off if something bad happens; not being able to go off is a bad thing.
I was thinking about this, and I realized there is a bigger problem. The sensors detected a break in, failed to report it, and apparently just forgot about it; it successfully engaged in the protocol designed to detect jamming, but didn't use that window of opportunity to report the break in.
Or, you know, just cut the landline to the house. Phone lines go down often enough that security monitoring centers cannot respond to every incident. If your system stops sending the keep-alive, they assume it's just that the line's been cut. There are of course cell based backups now, but those can be blocked with a pretty standard cellphone jammer too.
Or, just run in and smash the panel. If you do it quickly enough, it won't send the signal.
Or, get a ladder. Most systems do nothing to protect the upstairs of a two story house.
Residential security systems are for show and to get discounts on homeowner's insurance. I'm pretty sure the sign up front deters more people than the actual system.
The first can be countered with a system that uses mobile as a primary or backup.
Some systems, e.g. alarm.com ones send a signal to the monitoring centre when an entry door is opened, then if no disarm signal is sent (e.g. the control panel was destroyed), they treat that as an alarm and dispatch police. It's also possible and done by some companies to hide the main control panel somewhere unobtrusive (and mute its speakers) and just place a remote panel by entry points as well as a remote speaker.
As for upstairs, that's people being foolish. Myself, I would never accept one that didn't protect upstairs entry points just to save a little bit of money. As they say, a fool and his money^H^H^H^H^Hsecurity are soon parted.
Almost none of these are true for where I currently live, the only thing lacking, which it pretty much has to given the reality of invoking the police on wild goose chases, is action beyond the building when the phone line goes down. But in that case the local alarm most certainly goes off ... but not very often at all! AT&T at least here is near rock solid.
Do you think insurance companies would give discounts unless the benefits were per their actuaries real?
I'm sure the sign does a lot of good, but it's just part of a system of defense in depth which starts there (or perhaps not living in a bad neighborhood).
My theory is that the discount is precisely because of the sign. I am convinced that that part does 99% of the work at actually deterring crime. The local alarm won't do anything once you are in the building: just go and turn it off. In fact, get a shirt with the ADT logo, then go rob a house. Nobody will question it.
To this article's credit, ADT when counter-advertising people thinking about leaving (source: me everytime they raise their price on my aged featureless system) is that alarms made on a cellular signal instead of a land line can be jammed with 75 dollar cell phone signal jammers.
They stand on the bedrock that their existing systems can't be manipulated like that. While this article makes it clear that this is not a cheap or unsophisticated hack, depending on the value of what you have in your home this kind of hack can very much be worth the price of admission especially when free and explained on the internet.
That's why relying on a single link for anything is a bad idea - if a system is known to use a landline, it's trivial, especially as in most parts of the US phone lines are aboveground, to cut the phone line before breaking in.
Another important detail, If you're just flooding a certain frequency you do not need an SDR to transmit, you can easily build a cheap $5 transmitter for that frequency.
Is this article trying to say that jamming can be used to temporarily blank sensors without the controller realizing they have dropped off the system? If so, actually using this for practical nefarious purposes would still be fairly complicated, because you would need to have the system in a pristine state for x seconds every y seconds.
For houses with lots of windows and bigger pets, one of the more ubiquitous sensors is the acoustic glass break sensor. You only need to jam that one for a few seconds to get in.
I have two of those; in fact, my house has all "perimeter" sensors and no motion. What you describe only works if the sensor is non-latching. A latching sensor will trigger the alarm as soon as it reconnects. AFAIK, most glass breaks are capable of latching, though most are not set up to do so. Changing the setting is trivial.
Alarm companies have put quite a bit of thought over the decades into anti-tamper measures. I suspect the reason the "hole" described in the article exists is because someone felt the other AT measures would cover it adequately enough for typical usage.
It's possible to configure most motion sensors to not detect pets by adjusting the height they scan at and/or their sensitivity (most say they won't detect pets under a certain weight). Not to mention that if there is any evidence of a large dog (cats being too small to trigger any decent motion sensor), a "Beware of Dog" sign is just as much a deterrent to break-ins as an active alarm.
Why does an alarm system, installed presumably permanently on an immovable house, even need to be wireless? A wired system would basically be immune to this (and if the wires are physically cut by an attacker, it will alarm.)
While everyone is saying ease of install, and its true, its not really that hard to hardwire a system in most houses. In fact, my previous house was hardwired by a central security group contractor in about 3 hours for nothing more than a 3 year monitoring contract (@~$20 a month, 6 years ago). Sure I didn't get sensors in all my windows, but I did get them in the doors, along with motion sensors that covered 90% of the square footage of the house, monitored smoke detectors, garage door controllers, and a bunch of other crap.
Probably close to $500 worth of DSC hardware.
Alarm monitoring is like printing money. The fact that ADT charges as much as they do, and installs such a craptasic system has always amazed me.
If the systems used wires installation would become a much longer and more expensive process for existing houses. The installers would have to run wires from all over the house to the central box which in many houses would require cutting into the walls.
Their website is straight out of 1990, but Burglargard is a bullet resistant effectively smash-proof invisible coating that can be applied to all windows in your home: http://www.burglargard.com
The nice thing about it is that if you have them install it, it comes with a lifetime no yellow, no peel, full replacement warranty. If you opt to install it yourself, it is much cheaper (Approximately $1 per sq foot), but no warranty, so not as useful.
Also, make sure to get 6" or longer screws to put into external door frames. It ensures the frame is anchored to studs and makes ripping it out via a typical kick the door in attack much more difficult. Stuff like the haven lock (http://www.havenlock.com) also really helps make it more difficult to kick in the door.
Note that these things make a break-in demonstrably more difficult, but they won't prevent it. I see an alarm system as a more passive security device, much like an intrusion detection system. "Hey someone broke in" means someone still broke in. I'm more of a fan of trying to make the act of breaking in in addition to ensuring I have a decent idea if someone does.
Defense in depth doesn't just apply to computers, it is a way of thinking :)