RF insecure?

Forum with questions and discussions about security or security devices like Marmitek, Elro Elk (other then Visonic)
Post Reply
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

RF insecure?

Post by Digit »

Hi all,

Although this may seem a rather strange question, it has been going through my mind over and over again the last few weeks, so i decided to just post it and see if i'm just being paranoia...

Using RF is very convenient, because no cables. But in fact, this could (should!) be regarded as a network. But how about security on this network? How about intrusion detection etc. etc., things we all know from regular LANs? AFAIK there is no way of doing those things with RF.

And with all the plans i'm having for the future with RF, shouldn't that be considered an issue?

I can't imagine this hasn't crossed your minds either.

I mean, a worst-case scenario would be that someone "from the outside" would be very easily able to put anything he/she wants on my RF network and thereby triggering all kinds of things i really don't want!

What can be done about this? Nothing, i guess. Or is there?

Regards,
Digit.

(Pieter, feel free to move this topic to another forum if my choice wouldn't have been yours)
User avatar
Willem4ever
Global Moderator
Global Moderator
Posts: 805
Joined: Mon Oct 30, 2006 3:48 pm
Location: Uithoorn / Netherlands

RF insecure?

Post by Willem4ever »

Hi Digit,

You hit the nail on the head, as we say in Dutch. Sometime ago my neighbour told me about as strange problem he has sometimes in the middle of the night his B&O stereo would switch on, and he was sure he wasn't doing anything (in fact he was sleeping). I asked him to check his manual and he found that the wireless control (RF) was still at factory defaults. Changing the channel resolved his issues. I guess you get the moral of the story .... RF protocol, such as X10 are simple, without any techniques such as encryption or anti-replay. In other words very simple to control your neighbours' devices.

For now there isn't much you can do about it, instead of wrapping your house in aluminum foil :-)

Cheers, Willem.
User avatar
b_weijenberg
Forum Moderator
Forum Moderator
Posts: 1744
Joined: Sun May 14, 2006 4:32 pm
Location: Netherlands

RF insecure?

Post by b_weijenberg »

Hi Digit/Willem4ever,

An encrypted protocol will solve a part of the problem. For example the Visonic keyfobs have an encrypted part in the RF data. It is therefore not possible to replay the signal and switch the alarm console on or off that way.
The Zigbee protocol has a possibility for packet encryption and this will make all data traffic secure. A problem could arrise when a jamming signal will block all RF communications. Most alarm panels have a jamming detection and the RFXCOM receiver have also this option for this reason.

Bert
User avatar
Willem4ever
Global Moderator
Global Moderator
Posts: 805
Joined: Mon Oct 30, 2006 3:48 pm
Location: Uithoorn / Netherlands

RF insecure?

Post by Willem4ever »

Hi Bert,

I have to look into Zigbee before I can judge it. Encryption seems fine, they follow a standard (AES). The problem is of course for people to use it properly. (key length, interval etc etc). In the beginning people also believed WEP to be secure. Today anyone with a bit of knowledge (i.e. the right tools :-) can find the key reasonably fast. (Fatest we did was 5 minutes on a loaded network). Also WPA, when configured incorrectly (factory SID, too short key) can be cracked within a matter of minutes (more complex bit still doable).

Important is too find the balance between the different factors that are important to you. e.g. Investment vs reliability.

Willem.
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

RF insecure?

Post by Digit »

Hi all,

Your replies gave me a little bit more insight to what can happen and what can('t) be done about it. Not that possible interference with my neighbours will withhold me from implementing RF in my house, but its good to know and realise what can happen.

I gradually made a shift in thinking about (1-)wired to RF for some places in/around the house that are hard to reach with cable. Ease of use was my main reason to have a closer look at RF, and it's good to know it also has some disadvantages.

Thanx,
Robert.
User avatar
Willem4ever
Global Moderator
Global Moderator
Posts: 805
Joined: Mon Oct 30, 2006 3:48 pm
Location: Uithoorn / Netherlands

RF insecure?

Post by Willem4ever »

Hi Digit,

When you use e.g. Visonic devices you avoid address clashing as each device has an unique address. It is a matter of weighing the balance ..... questions like this I tend to answers with the phrase "it all depends" .....

Happy automating,

Willem.
Bwired
Administrator
Administrator
Posts: 4704
Joined: Sat Mar 25, 2006 1:07 am
Location: Netherlands
Contact:

RF insecure?

Post by Bwired »

Hi All,
I have some discussions about this subject for years now, and also with members of this board.
The X10 RF is the wurst of all as you know, most of the X10 RF products have no other address like Axx till Pxx. So with a simple X10 remote somebody can make a heavy X10 user very crazy [:D]
So what I do with the X10 RF is that I receive all the X10 RF signals with a central device. The devices which I want to control with X10 RF are in a database and checked upon. so if I receive an X10 signal which is in my database it will relay the X10 command on the powerline. If the X10 signal has no clearance for relaying it will not be put on the Powerline.

The X10 security RF products are a Little better and have a more complicate address. I have a really good 868Mhz antenna on my receiver and I receive all the Visonic Powermax RF transmitters in the neighborhood. So for example it would be possible for me to see if there is motion going on in a house down the block!

Update nov 2007:
Xanura has now the RFIX35 Secure X10 RF Receiver
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

RF insecure?

Post by Digit »

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by Bwired</i>
<br />
So what I do with the X10 RF is that I receive all the X10 RF signals with a central device. The devices which I want to control with X10 RF are in a database and checked upon. so if I receive an X10 signal which is in my database it will relay the X10 command on the powerline. If the X10 signal has no clearance for relaying it will not be put on the Powerline.
<hr height="1" noshade id="quote"></font id="quote"></blockquote id="quote">Same thoughts here! I now have a Marmitek transceiver just putting everything on the powerline it receives. The first thing i was planning to do was make it obsolete when i'm ready to work with a RFXCOM receiver for X10. Didn't see the need for the X-10 part of an RFXCOM receiver at first (gonna buy me one for Oregon), but it adds the possibility of 'screening' all incoming data before putting it on the powerline.

Regards,
Robert.
Gourmet
Starting Member
Starting Member
Posts: 12
Joined: Thu Nov 15, 2007 2:07 pm
Location: France

RF insecure?

Post by Gourmet »

<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><i>Originally posted by Digit</i>
<br />Hi all,

Although this may seem a rather strange question, it has been going through my mind over and over again the last few weeks, so i decided to just post it and see if i'm just being paranoia...

Using RF is very convenient, because no cables. But in fact, this could (should!) be regarded as a network. But how about security on this network? How about intrusion detection etc. etc., things we all know from regular LANs? AFAIK there is no way of doing those things with RF.
<hr height="1" noshade id="quote"></font id="quote"></blockquote id="quote">The problem with RF has several sides.
First, it's radio and as electromagnetic waves it spreads everywhere in all directions (more or less according to the diagram of the emissive element) and, above all, receives from everywhere.
So, as every radiofrequency system (from VLF to gamma rays and above) it is sensitive to radio interferences.
That is to say, a signal which not on the same wavelength but has at least one harmonic at the same frequency can perturbate your automation system at a level that renders it unavailable.
That's easy to set up and is only a matter of power (power of the source of interferences).
This problem cannot lead to intrusion. It's only a matter of disturbance that can put your system on kneels.

Secondly, these are RF and as electromagnetic waves it spreads everywhere and, above all, as far as ... the end of the universe. Whenever you have the correct material to detect this kind of RF (492 Mhz in Europe, 310 in the USA) with gain antennae, amplifiers, discriminators, etc you can "hear" what a PIR detector says at 10 or 1000 meters.

Thirdly, there is the problem of non-obfurscation: the exchanges between a source and a receiver are not confidential. Everybody with a RFXCOM receiver car hear what your thermal probe or your window sensor has to say.
Not a problem would you say? My personal point of view is that nobody has to know that my main door sensor is out of service for example. Nobody has to know that I'm walking through my livingroom. I surely don't want that anybody knows there is nobody at home!

Fourthly, always the problem of open exchanges: anybody with a simulator (a PC with a Aurel module for example) can simulate your PIR detectors, your door or window sensors. What would you do if, suddenly, all of your sensors went crazy? You'll switch them off so that you should understand what's going wrong.
Without any sensor working it's then easier for anybody to make an intrusion attempt.

Sincerely, using RF is very easy (no wire, only batteries) but we should think two or three times about the implications before deploying it.
For example, having a basic wiring system (of PIR, thermal probes, door and window sensors) in order to be able to use a RF system as a informal network only with a weaker priority.
Thus, if the RF system goes mad or unresponding, you won't stay in an unsure situation.
Of course, wiring is more expensive but it's also very more sure. And everything has a cost.
Security has one and it's not zero.

db
Post Reply

Return to “Security & Alarmpanels Forum”