Wi-Fi jamming attacks are on the rise. How they affect your smart home security

1 month ago

With more than a third of North American homes protected by a video doorbell or some other Wi-Fi-dependent device, it’s reasonable to worry about the growing threat of Wi-Fi jammers. These mysterious devices can override your smart home security monitoring, effectively neutralizing the systems you’ve relied on for peace of mind.

Indeed, these increasingly cheap and accessible jamming devices make it easier than ever for criminals to block your security system’s primary communications signal. With that signal blocked, the crooks can break into your place without you noticing—until it’s too late. Here’s what you need to know to protect your home and family in 2024.

Wi-Fi jamming is on the rise

When we last covered the threat of Wi-Fi jamming, the threat was still largely theoretical. Wi-Fi jamming has always been possible, but it has only recently become a real-world problem, as jamming hardware devices have become cheap and widely accessible via online vendors. Even Amazon has come under FCC scrutiny for selling Wi-Fi jammers, and a simple Google search reveals a long list of online vendors selling devices for as little as $5 that can easily block the Wi-Fi on any device.

“No one knows exactly how widespread this issue is. Unfortunately, the technology necessary to jam these signals has become readily available if one looks hard enough,” says John Allison, Director of Public Sector for Checkmarx Security Solutions, which provides security and testing technology to the software industry.

Also known as Wi-Fi “deauthing,” signal jamming works on the simple principle of radio interference. By casting signals that match the Wi-Fi radio spectrum, jammers can interfere with the entire band and prevent any nearby device from getting through.

They can also target a specific device’s connection to your home network, making it harder to detect the problem. These days, most jammers work by targeting a single security device, such as a doorbell camera, and blocking its connection to the network long enough for intruders to get past it without being seen.

The prevalence of Wi-Fi jammers is growing, and their documented use in home invasion crimes has been expanding. In fact, the Los Angeles Police Department issued a warning to LA residents in March after a series of break-ins involving jammers.

In February, South American gangs were reportedly carrying out organized burglary sprees in Arizona by placing jammers in neighborhoods to orchestrate break-ins. The threat is no longer merely theoretical, but very real.

Still, even as we’re seeing a few high-profile news reports of jammers being used in burglaries this year, there are several good reasons to remain calm. Put into perspective, Wi-Fi jammers have been used in only a tiny fraction of home invasion crimes in North America to date.

In fact, the overwhelming majority of home break-ins involve no electronic sophistication at all. So, while a handful of emerging reports point to the use of Wi-Fi jammers, we’re not in the throes of a sweeping trend.

“For consumers, the question goes to whether the risk to their security systems is sufficient to justify using a fully wired security system that is immune to jamming, or whether the convenience of a wireless security system outweighs that risk,” says John Allison of Checkmarx. “I think the big challenge is that most consumers probably are unaware that they are even accepting this risk when they decide on which system to purchase.”

Fortunately, the simple presence of visible security systems remains a highly effective deterrent to home invasion crimes. Just by having a security system sign or cameras on the front of your house, you decrease the odds of becoming a target. That said, it might not be a good idea to post a sign that tells a potential intruder which security system you’ve installed. That could give them clues as to how it can be defeated, as known exploits circulate amongst criminals. So, if you have an ADT system, for example, you might want to put out a sign indicating your home is protected by SimpliSafe.

A simple sign alone can deter 25 percent of thieves from choosing your house, according to Security.org. Meanwhile, 50 percent of burglars will bypass a home with cameras mounted on the front, and evidence of an alarm system is even more effective. That leaves a minority of burglars willing to brave a break-in when they see a camera in place, and most of those who do so are counting on slow police response—and not Wi-Fi signal jamming—to get away with their crimes.

“Everyone must understand that home security systems are merely a deterrent, and unless you can respond fast enough, a lot of damage and theft may occur before the police arrive on the scene,” Allison says.

It’s not just about Wi-Fi

Any wireless communications signal can be vulnerable to malicious interference, so it’s important to understand that this issue doesn’t only affect Wi-Fi-based systems, says Deral Heiland, Principal Security Researcher for IoT at Rapid7. Zigbee and Bluetooth signals can also be jammed, and even the cellular signals that many systems use as back-up if your broadband service goes down can be interfered with at close range.

Signal replay, in which an attacker captures a wireless signal sent between two devices and then replays it to fool any monitoring or locking mechanism, is a common type of wireless hack. “These things are constantly sending a positive signal,” Heiland says, “so if there isn’t proper encryption on these things there’s nothing stopping someone from just capturing the RF communication and just replaying it.”

IoT devices in general can come with a variety of security risks, whether they’re wireless or connected to your router. The APIs in these devices can often be exploited remotely, which can expose the data they process to attackers.

“The biggest concern with IoT devices is that they may contain exploitable vulnerabilities which may never be fixed,” says Checkmarx’s John Allison.

Rapid7’s Deral Heiland warns that with a little information about you, a sophisticated attacker can take your security system offline remotely without jamming. Here’s one example Heiland found in his testing:

“If you knew the person’s email address you could do a query against the API and pull back the EMI number of the device. With the EMI number, you can make another query and bring back a configuration structure where you’re actually able to change settings and blind the entire system, or turn it off remotely without any level authentication other than knowing the email address.”

What to look for in a home security system or camera

Because real security systems are still more effective against burglaries than just a sign in the front yard as a deterrent, and because you still want as much security and visibility as you can get, it’s important to look for robust security and signal redundancy features in these products.

While all wireless signals, and even some wired signals, can be vulnerable to jamming, signal redundancy—having more than one way to communicate in case a given signal isn’t getting through—is an important capability in any security system. Heiland of Rapid7 and Allison of Checkmarx both recommend looking for devices that offer a cellular backhaul capability in the event Wi-Fi isn’t working.

Additionally, systems that use a variety of signal types in parallel are more likely to withstand a jamming attack. While the primary connection might be Wi-Fi, sensors operating on Z-Wave or Zigbee would still be able to communicate with the hub if the Wi-Fi is jammed. And if cellular backhaul is in place, the entire system would continue working.

Security is fundamentally about trust, so it’s important to buy from trusted manufacturers with a reputation for security and support.

“You want to buy brand name systems,” says Heiland of Rapid7, who avoids endorsing any particular manufacturer. “Brand name companies have a reputation to protect. They’re going to take security much more seriously, and they’re hiring organizations to test their products on a regular basis. They usually have better security programs. If a vulnerability is found, they patch it.”

In addition to actively patching discovered vulnerabilities, major home security system manufacturers like Ring and SimpliSafe also build jamming detection into their newer systems. While not foolproof, these algorithms detect telltale signs of malicious interference, adapt their own signals to prevent the jamming, and alert you to a potential attack. As jamming becomes a more common threat, we expect to see jamming detection continue to improve and for manufacturers to advertise these features prominently.

One often overlooked issue with most consumer security solutions is the user’s own response. If your system isn’t actively monitored by a professional service, it’s up to you to respond effectively in the event of an intrusion. Even if your system is working properly and no one interferes with the signal, you might not notice the alert on your phone when someone breaks a window and enters your home.

For this reason, it’s a good idea to look for a system that offers professional monitoring and police dispatch, which significantly increase the likelihood that an intruder will be detected and appropriate action taken.

Ultimately, wired security systems have significant advantages in reliability and robustness against attacks. If you have the budget and really want to ensure the system is working properly at all times, a professionally installed wired security system backed with 24/7 service is a better option than an off-the-shelf Wi-Fi-based product.

Steps you can take to increase your home security

Security experts consistently warn that no security system can, by itself, keep you safe from intruders. To ensure your security, you need to take steps to protect yourself, keep your tech working correctly, and avoid leaving your safety entirely in the hands of technology providers. Here are some important tips to keep in mind:
• Have redundant systems in place. Multiple cameras with overlapping fields of view, sensors on each door and window, and audio (e.g., glass-break) detection can work together to help detect an intrusion better than any one device on its own.
• Keep your devices updated. Regularly check for firmware and software updates for all your devices to get the latest patches and detection features.
• Security systems that can connect to a phone line and communicate with a server even when the internet goes down are better than any Wi-Fi-only option.
• Use robust Wi-Fi passwords. If an intruder can easily crack your home network password, they don’t need a jammer to take your systems offline.…Read more by Robert Strohmeyer


Leave a Reply

Your email address will not be published. Required fields are marked *