This Home Security System Could Leave You Open To Hacking and Burglaries
Home security systems should do what they say on the box: make your home more secure. But with the rise of connected smart homes, security systems can be more exposed than ever. One insecure system is iSmartAlarm, a company that makes DIY systems. However, as of January 10, 2021, iSmartAlarm is out of business, but existing systems will continue to work.1 So, what exactly is the flaw, and does it count out iSmartAlarm as a viable home security option?
iSmartAlarm Security Flaw
In a nutshell, a flaw in the iSmartAlarm could let hackers bypass authentication to disable alarm systems, letting them break into people’s homes without a trace. Ilia Shnaidman, Head of Security Research for BullGuard’s Dojo, spotted the flaw first. (Dojo secures home internet connections by monitoring all traffic).2 The company attempted to alert iSmartAlarm to the flaw earlier this year, but the vulnerabilities were never patched, clearly a huge concern for prospective customers.
Are Existing iSmartAlarm Systems Safe?
The company iSmartAlarm makes door sensors, motion sensors, cameras, locks, and base units that can all access the internet to connect with the app, which controls the system. But since the system has been exposed to the internet at large, that means that anyone with knowledge of the flaws can now break in. The hack takes advantage of five different vulnerabilities including issues with SSL certificate validation, authentication, and access control. All these issues could be solved with a firmware update, but iSmartAlarm has yet to issue one.
Even if it is patched, users still have to update their firmware to ensure that they stay secure. And with people often putting off updates for weeks at a time, this may be a harder task for iSmartAlarm than updating their code. And as of November, 2020, iSmartAlarm hasn’t posted any updates about this security flaw on the news section of their website3 or on their Facebook page,4 so it’s safe to assume that their systems are still vulnerable.
If you’re still in the market for home security systems, here are a few that haven’t experienced the same sorts of vulnerabilities as iSmartAlarm:
- ADT: ADT has over 140 years in business, and with 24/7 professional monitoring, you can trust that even if you’re not home, someone will be there to check in when an alarm goes off. Learn more in our ADT review.
- Cove: While it certainly doesn’t have the name recognition of a company like ADT, Cove is an up and coming security company with DIY installation and, with some plans, Alexa and Google Assistant integration. They haven’t had any known security vulnerabilities, and Cove’s pricing is among the lowest on the market for professional monitoring.
- Alder: Another up and coming company is Alder, one of Utah’s fastest growing private companies.5 When we tested out their security system in our Alder review, we found their touchscreen panel, two entry sensors and motion sensor really easy to set up. However, if we were feeling lazy, we could’ve gotten the components professionally installed for free, a huge rarity in the home security industry. Plus, if you’re looking for a home security system for Alexa, we used Alexa to arm and disarm our Alder system and check its status.
Here at Security.org, our mission is keep you safe and secure, and one way to do that is to install a home security system. However, if your home security system is hackable, it defeats the purpose, which is why you may want to get rid of your iSmartAlarm system and go with one of the above choices.
iSmartAlarm. (2021). iSmartAlarm, Inc.
BullGuard. (2020). Homepage.
iSmartAlarm. (2020). News.
Facebook. (2020). iSmartAlarm.
Alder. (2016). Alder, 11th Fastest Growing Company in Utah.