Regarding glass-break sensors, it sounds cool, but I expect these would be far less commonly encountered in a real-world implementation for a couple of reasons. As for cameras, if they communicate wirelessly using similar frequencies/protocols, we may be able to tamper with them the same way other sensors can be tampered with (more on that later). CO and flood sensors aren't really relevant for the purposes of our assessment. There are a variety of other kinds of sensors which can be used with this ADT system which are outside the scope of this writeup - among these are CO sensors, flood sensors, cameras / imaging sensors, and glass-break sensors. In our case, we are only working with door/window sensors and motion sensors, all of which are also Qolsys devices. Qolsys IQ Panel 2 Sensor Typesįirst, let's talk about the types of sensors in use. While there are newer models of the IQ Panel available now, it appears that common ADT contract durations are 36-60 months, so this equipment is still relatively current. This was sold by an ADT authorized dealer less than two years ago (in late 2021). ![]() This ADT system uses a main control panel from Qolsys called the IQ Panel 2 which can communicate wirelessly with a variety of sensor types via a variety of protocols. ![]() Reading through the rest of the contract terms is pretty enlightening, but I will leave that as an exercise for the reader - let's move on and dive into the fun stuff! The Alarm System Alarm Panel If that is the case, the bar must be pretty low. As of this date, their website claims they are the leading provider in the US for these kinds of systems. This seems to be a pretty stark contrast to the way ADT markets themselves. Good thing thwarting criminals is not the core function of an alarm system, right? Excerpt from ADT contract We will first go over the things I learned about this particular system, then wrap up with a step-by-step attack path, all the while putting ourselves in the shoes of a real-world threat actor.ĪDT acknowledges in no uncertain terms within their contract language that these systems can be hacked and furthermore that their effectiveness can be reduced by a person with criminal intent. What follows is the result of my curiosity and boredom. I have always been interested in physical security, and although I have a mini-arsenal of relevant gadgets and have had the privilege of participating in a handful of physical intrusion operations, I have never had the opportunity to sit down and really spend some time exploring all the angles on a proper alarm system. If you use this information to break into someone's house, may God have mercy on you, because in all likelihood, the homeowner will not. This is for educational purposes only.All testing activity was performed with the explicit authorization of the owner.None of this is particularly groundbreaking.My opinions are my own - you should do your own due diligence and draw your own conclusions.I do not have any affiliations with any alarm system providers or component manufacturers, nor do I attempt to make any endorsements of the same. ![]() Some of these approaches may be applicable to other systems, but that is beyond the scope of this write-up. ![]() Thus, as there is nothing to report to the vendor, no responsible disclosure procedure was necessary. No novel vulnerabilities or exploits were discovered or developed during this exercise.I did not perform any wireless signal jamming or similar activities which would in any way violate regulations such as those set forth by the FCC and other authoritative bodies.I did not perform any actual reverse engineering of ADT or Qolsys technologies, software, hardware, or signaling protocols in the course of this exercise.It is possible that unknown factors invalidated my tests or otherwise contributed to the results I observed. These were my honest results when testing a single system, YMMV. This is not a comprehensive assessment of all systems, sensors, configurations, and solutions ADT has to offer.A quick obligatory CYA before we get to the good stuff:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |