Can burglars jam your wireless security system?

We examined claims that popular wireless security kits come with new vulnerabilities.

Colin West McDonald/CNET

Any product that promises to protect your home deserves a heightened level of scrutiny. To that end, it isn't surprising that you'll find plenty of strong opinions about the potential vulnerabilities of popular home-security systems. After all, home security is a bit of a chess game -- you want your system to be as many moves ahead of the bad guys as possible.

The most likely burglary scenario by far is the unsophisticated crime of opportunity, usually involving a broken window or some other kind of brute-force entry. According to the FBI, crimes like these accounted for roughly two-thirds of all residential burglaries in the US in 2013. The wide majority of the rest were unlawful, unforced entries that resulted from something like a window or a garage door being left open. The odds of a criminal using technical means to bypass a security system are so small that the FBI doesn't even track those statistics.

One of the main theoretical home-security concerns is whether or not a given system is vulnerable to being blocked from working altogether. With wired setups, the fear is that a burglar might be able to shut your system down simply by cutting the right cable.

With a wireless setup, you'll stick battery-powered sensors up around your home that keep an eye on windows, doors, motion, and more. If they detect something amiss while the system is armed, they'll transmit a wireless alert signal to a base station that will then raise the alarm.

That approach will eliminate most cord-cutting concerns -- but what about their wireless analog, jamming? With the right device tuned to the right frequency, what's to stop a thief from jamming your setup and blocking that alert signal from ever reaching the base station?

As said, the odds are low of such an attack being attempted against you -- successfully or otherwise -- but let's look at the facts.

simplisafe-rf-containment-test.jpg
We tested wireless jamming out for ourselves in this odd-looking setup designed to contain the RF interference. Tyler Lizenby/CNET

Wireless Jamming 101

Jamming concerns are nothing new, and they're not unique to security systems. Any device that's built to receive a wireless signal at a specific frequency can be overwhelmed by a stronger signal coming in on the same frequency. For comparison, let's say you wanted to "jam" a conversation between two people -- all you'd need to do is yell in the listener's ear.

Jamming a wireless radio requires knowledge of its broadcast frequency as well as the right equipment to jam that frequency. It also requires criminal intent, because jamming is highly illegal. Buying or selling these devices without the right certifications is often illegal, too.

Security devices are required to list the frequencies they broadcast on -- that means that a potential thief can find what they need to know with minimal Googling. They will, however, need to know what system they're looking for. If you have a sign in your yard declaring what setup you use, that'd point them in the right direction, though at that point, we're talking about a highly targeted, semi-sophisticated attack, and not the sort of forced-entry attack that makes up the majority of burglaries.

It's easier to find and acquire jamming equipment for some frequencies than it is for others. For instance, there's a great deal of common radio equipment that broadcasts at the 400Mhz range, making it easier to find something off of the shelf that will jam at those frequencies.

simplisafe-rf-interference-in-event-log.jpg
Some systems use software to detect intentional RF interference. Screenshot by Ry Crist/CNET

Counter-measures

Wireless security providers will often take steps to help combat the threat of jamming attacks. SimpliSafe , winner of our Editors' Choice distinction, utilizes a proprietary algorithm that's capable of separating incidental RF interference from targeted jamming attacks. When the system thinks it's being jammed, it'll notify you via push alert. From there, it's up to you to sound the alarm manually.

SimpliSafe was singled out in one recent article on jamming, complete with a video showing the entire system being effectively bypassed with handheld jamming equipment. After taking appropriate measures to contain the RF interference to our test lab, we tested the attack out for ourselves, and were able to verify that it's possible with the right equipment.

We were able to jam SimpliSafe's sensors, but the system detected we were doing it and sent us an alert. Screenshot by Ry Crist/CNET

However, we also verified that SimpliSafe's antijamming algorithm works. It caught us in the act, sent an alert to my smartphone, and also listed our RF interference on the system's event log. The team behind the article and video in question make no mention of the algorithm, or whether or not it detected them.

We like the proprietary nature of that software. It means that a thief likely wouldn't be able to Google how the algorithm works, then figure out a way around it. Even if they could, SimpliSafe claims that its algorithm is always evolving, and that it varies slightly from system to system, which means there wouldn't be a universal magic formula for cracking it.

Other systems also seem confident on the subject of jamming. The team at Frontpoint addresses the issue head-on in a blog post on its site, citing their own jam protection software and claiming that there aren't any documented cases of a successful jam attack since the company began offering wireless security sensors in the '80s.

A question of plausibility

Jamming attacks are absolutely possible. As said before, with the right equipment and the right know-how, it's possible to jam any wireless transmission. But how plausible is it that someone will successfully jam their way into your home and steal your stuff?

Let's imagine that you live in a small home with a wireless security setup that offers a functional anti-jamming algorithm like the one we tested from SimpliSafe. First, a thief is going to need to target your home, specifically. Then, he's going to need to know the technical details of your system and acquire the specific equipment necessary for jamming your specific setup.

Presumably, you keep your doors locked at night and while you're away, so the thief will still need to break in. That means defeating the lock somehow, or breaking a window. He'll need to be jamming you at this point, as a broken window or opened door would normally trigger the alarm. So, too, would the motion detectors in your home, so the thief will need to continue jamming once he's inside and searching for things to steal. However, he'll need to do so without tripping the anti-jamming algorithm, the details of which he almost certainly does not have access to.

There isn't hard data on how often jamming is used as a burglary technique, but when you start thinking about the practice in those kinds of real-world terms, it becomes a lot easier to buy into claims like the one Frontpoint makes about jamming attacks being exceedingly rare. It's hard not to imagine our hypothetical burglar choosing to target a home with no security system at all, instead.

The bottom line

At the end of the day, these kinds of systems are primarily designed to protect against the sort of opportunistic smash-and-grab attack that makes up the majority of burglaries. They're also only a single layer in what should ideally be a multifaceted approach to securing your home, one that includes common sense things like sturdy locks and proper exterior lighting at night.

No system is impenetrable, and none can promise to eliminate the worst case scenario outright. Every one of them has vulnerabilities that a knowledgeable thief could theoretically exploit. A good system is one that keeps that worst-case scenario as implausible as possible while also offering robust protection in the event of a less-extraordinary attack.

Featured Video