Testing Wireless Security Alarm Systems from the Estonian Market
Name
Alar Paas
Abstract
The goal of this thesis is to research if wireless security alarm systems sold in Estonia are vulnerable to replay attacks, radio signal disturbance, and RFID token cloning. The possibility of recording and replaying signals from different components and alarm system hubs with the main goal of disarming is analyzed. The complexity of transmitted signals is assessed to see if there might be a chance to use a brute-force attack to break the code or build up a self-generated code-signal based on system parameters. Also, smart cards and tokens used by security alarm systems are reviewed to see if they can be cloned. An Anonymous questionnaire was made for alarm system providers and users to find out general knowledge about attacks dealt with within this thesis and to see how different parties perceive the nature of possible security vulnerabilities. Research has been conducted using the most common security alarm systems with wireless sensors provided by security product resellers and also systems purchased from the secondary market in Estonia. This research has not been sponsored by any company and presents an independent assessment based on conducted tests. Testing was conducted in the home environment, one system at a time, and only commercially available tools were used. Not all tested security alarm systems have analogous capabilities, and therefore, every system was analyzed separately according to the current specifications and components available. Test results show problems with old and new nowadays security alarm systems. Today it is possible to purchase a well-known manufacturer of wireless security alarm systems that are easily attackable. The problem is also with cheap Chinese products that can be purchased online and often do not meet any recognized security standard. As a result of this thesis, an overview is given about the security of wireless security alarm systems currently available in the Estonian market – which systems should not be trusted blindly and recommendations to mitigate possible threats.
Graduation Thesis language
English
Graduation Thesis type
Master - Cyber Security
Supervisor(s)
Danielle Melissa Morgan
Defence year
2024