Think You’re Safe with SimpliSafe? Think Again.

SimpliSafe has some serious problems.
SimpliSafe has some serious problems.

Huge Vulnerability Leaves SimpliSafe Systems Unsecure

You may see the signs up and down your street: “Protected by SimpliSafe”. You may have seen the ads talking about the low monthly cost and easy installation (it’s all wireless!). You may NOT have seen that those “SimpliSafe” alarms are simply not safe.

As reported at

It’s not unusual to hear of vulnerabilities in smart-home security systems these days, as security researchers turn their attention to the Internet of Things. It’s worrying, though, when a modern security system turns out to be vulnerable to a so-called replay attack, the kind of thing that worked against garage door openers back in the 1990s.

SimpliSafe systems work on the premise that they’re easier to install than traditional alarm systems (like the kind Cascadia Electrical Solutions installs) and that has to do with the fact that everything they use is wireless. Want to protect a door? Just tape a wireless device to it. Even the keypad is wireless.

No way that can go wrong, right?

Via PCWorld:

SimpliSafe has two main components, a keypad and a base station, that communicate with each using radio signals. The base station also listens for incoming signals from a variety of sensors.

Zonenberg found that the confirmation signal sent by the keypad to the base station when the correct PIN is entered can be sniffed and then later played back to disarm the system. Recovering the actual PIN is not necessary, since the “PIN entered” packet can be replayed as a whole.

This is possible because there is no cryptographic authentication between the keypad and the base station.


As it turns out, the all wireless system still has to talk to a base unit that handles whether the system is armed or disarmed. In this case, though, that signal it sends is completely out in the open. Anyone can see it.

Via PCWorld:

When the owner of a real SimpliSafe system enters the correct PIN, a device like Zonenberg’s that’s hidden in its vicinity will capture the confirmation packet and will store it in memory. The attacker can use the device to resend the packet to the base station at a later time, for example when the home owner is away. This will disarm the alarm.

That would be like going to an ATM and shouting out your PIN number while you enter it. It’s like having no security at all.

The alarms installed by CES don’t have that kind of weakness. The keypad is wired directly to the alarm control panel. Protection zones can be wired to the system as too and when they are wireless they are encrypted.

Take a look at our selection of Honeywell products and services for both home and business, provided by Cascadia Security Solutions.

Think You’re Safe with SimpliSafe? Think Again.

Leave a Reply

Your email address will not be published. Required fields are marked *