AlarmJamming

http://it.slashdot.org/comments.pl?sid=08/11/02/2225226

Much of this discussion has been about the jammability of RF-based alarm systems.

I've done it (testing my own system). It's NOT hard.

All the wireless sensors have a lithium battery that lasts for a few years. The sensors do NOT transmit continually; that would run down the battery in a matter of hours, not years.

Each time they transmit anything, it's in the form of a data packet including headers, the transmitter's unique ID, battery status, what it wants to report (open/closed/etc) and a few checksum bits. Furthermore all the wireless sensors (generally) use the same channel in the 433MHz range. To avoid stepping on each other, each packet is transmitted a few times separated by a pseudorandom delay. The sensors also transmit a 'tamper' signal if the sensor casing is opened or ripped off the wall, and a periodic 'supervision' message once every hour or so to let the system know they're still alive.

Whenever you open or close a door connected to a wireless sensor, it transmits a burst updating its status. If it transmits an 'open' signal when the alarm is armed, the alarm goes off. If the alarm doesn't hear a supervision packet from a sensor for more than an hour or two, it signals a trouble condition.

Most importantly, the transmission is ONE WAY: the sensors don't have receivers. The sensor doesn't wait for an acknowledgment from the alarm that its packet was received; it sends its packet a few times and then considers it sent.

Since many devices (including non-alarm stuff like wireless thermometers and other brands of alarm gear) use the 433MHz range the alarm uses, wireless alarms are designed to tolerate SOME interference on the channels the alarm uses.

By SOME I mean less than 60 seconds of continual interference (as per UL standards for wireless alarm systems). So any jamming you want to do only has to 1. cover the data packet and 2. last for less than 60 seconds at a time. As you can imagine this isn't too hard if you can switch your jammer on/off easily and have a good idea of where the sensors are.

So to break into a building equipped with a wireless alarm: 1. figure out type of alarm and buy portable jammer for alarm's frequency (cheap) 2. guess where the sensors are 3. key the jammer when you are about to trip a sensor. When you do, quickly tear it off the wall / smash it. 4. steal stuff 5. be out in less than an hour so the alarm doesn't miss any supervision packets. And if it does miss one chances are it'll create a 'trouble' alarm not a 'burglar' alarm; no cops will be called.

Any security system can be beaten; there is no such thing as perfect security. Wireless sensors can be jammed. Magnetic contacts can often be fooled with bigger magnets. Motion sensors can be beaten by holding up bed sheets (as per Mythbusters test).

However, if a burglar is crafty enough to jam an RF alarm or fake out magnetic contacts, chances are they are pretty smart and there isn't much you can do to keep them out. Most break-ins are dumb criminals doing smash-n-grab jobs; the alarm is there to blast a 120dB siren in their face and hopefully freak them out enough that they run away.
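The gap described above, interference that never reaches 60 continuous seconds, can be narrowed on the receiver side by also tracking cumulative interference in a sliding window. The following is an added example, not part of the original comment and not any vendor's firmware: the 60-second limit and the supervision timeout of "an hour or two" come from the comment, while `WINDOW_S`, `CUMULATIVE_JAM_S`, the alert names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

CONTINUOUS_JAM_S = 60         # from the comment: < 60 s of continual interference is tolerated
WINDOW_S = 600                # assumption: sliding window for cumulative interference
CUMULATIVE_JAM_S = 45         # assumption: total interference allowed inside one window
SUPERVISION_TIMEOUT_S = 7200  # from the comment: "an hour or two" without supervision

@dataclass
class Burst:
    start: float  # seconds since the receiver started logging
    end: float

def check_interference(bursts):
    """Return (alert, burst_start) tuples for bursts sorted by start time."""
    alerts = []
    for i, b in enumerate(bursts):
        if b.end - b.start >= CONTINUOUS_JAM_S:
            alerts.append(("JAM_CONTINUOUS", b.start))
            continue
        # Sum all interference that falls inside the window ending with this
        # burst, so short keyed bursts add up instead of being forgotten.
        lo = b.end - WINDOW_S
        total = sum(min(x.end, b.end) - max(x.start, lo)
                    for x in bursts[:i + 1] if x.end > lo)
        if total >= CUMULATIVE_JAM_S:
            alerts.append(("JAM_INTERMITTENT", b.start))
    return alerts

def check_supervision(last_seen, now):
    """last_seen maps sensor id -> time of its last packet of any kind."""
    return sorted(sid for sid, t in last_seen.items()
                  if now - t > SUPERVISION_TIMEOUT_S)

# Constructed sample data: three short bursts, then one long one.
SAMPLE_BURSTS = [Burst(100, 115), Burst(200, 220), Burst(350, 365),
                 Burst(2000, 2070)]
SAMPLE_LAST_SEEN = {"front_door": 1000, "garage": 9000, "hall_pir": 500}

if __name__ == "__main__":
    for alert in check_interference(SAMPLE_BURSTS):
        print(alert)
    print("missing supervision:", check_supervision(SAMPLE_LAST_SEEN, now=9000))
```

The three short bursts each stay under the continuous limit, but the third pushes the window total to 50 seconds and raises `JAM_INTERMITTENT`, which a panel could treat as more than a routine trouble condition while armed.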