19 Messages
Is SimpliSafe Hackable?
It would seem that a backdoor has been found in the ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and installed in SimpliSafe. Undocumented commands that could be leveraged for attacks were found buried in the OS code. Are SimpliSafe going to follow up with these findings and ensure our security systems are safe from hackers (foreign or domestic)?
Official Solution
simplisafe_admin
Community Admin
1.2K Messages
17 days ago
As part of our commitment to our customers, we take matters of privacy and cybersecurity very seriously. We’ve been following the recent news regarding undocumented debug commands in Espressif microcontrollers and don’t view what has been reported as a threat to our current security system. As noted in Espressif’s response earlier today, the commands are used locally within a particular device, with no remote access. Per Espressif’s response, the commands “cannot be triggered by Bluetooth, radio signals, or over the Internet, meaning they do not pose a risk of remote compromise of [relevant] devices.”
Beyond Espressif’s response, it’s important to note that the Bluetooth module in our system is only used in onboarding the system and has limited functionality even in that process. It isn’t used for arming and disarming the SimpliSafe® system. Overall, SimpliSafe® has robust protections in place within and around our products to provide further protection.
While we were aware of this news, we appreciate you raising it and encourage anyone who may suspect a vulnerability in the future to submit their findings to our security team following the steps outlined in our article How do I report a possible security issue in the system?
0
captain11
Captain
6.3K Messages
17 days ago
First, I am not a programmer or security expert, so when I read a post on whether SS is safe or not from attacks, I take a wait-and-see approach to see what SimpliSafe and others say about it. In the past we had the "Invisible Fence" vulnerability (pure garbage in my own personal testing) and the "$4 - now $8 - RFID fob / garage door" hack, which again in my own personal testing isn't a big threat (you can use the search tool and look up the specifics and my response).
For this one, I am first to admit it is way beyond my grade level to evaluate, but here is an article, and related comments, on this subject:
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
So, SimpliSafe, what is your response? For now, I will sleep soundly as I have a few other items to be concerned about.
0
0
dlpsr
1.5K Messages
17 days ago
Everything IoT is probably hackable or attackable.
Good security practices help prevent it.
Servers too without said security. Happens all the time to better than this hardware.
If an RCE (remote code execution) is possible and it may or may not be possible. Just leftover junk in the ESP32, and/or Espressif devices? Maybe.
The hack, if any, would probably be on the server side where something like malware pay locks would be very profitable to hackers vs stealing our credit card #'s or petty hacker crime.
Imagine what would happen if say all SS users got locked out of their services. Very Messy.
Espressif is said to have at least 20 or 30 vulnerabilities.
I don't expect much of a response, it's being discussed all over the internet and social media though. Plenty to read there.
In order to get to the chip, it'd almost require a penetration of your LAN or server side. Unless time based.
X was just hit today with a cyber attack so there's the possibility of anything if you tick off the wrong group of people or foreign states as Musk supposedly has.
0
0
worthing
754 Messages
17 days ago
"Imagine what would happen if say all SS users got locked out of their services. Very Messy."
I don't know that this kind of response in a thread like this, where people are concerned, is the way to go. :) I'm all for creative thinking and thought exercises but not in a thread where people are looking for concrete information.
As the simplisafe_admin account noted when referencing the Espressif response, you basically need physical access to the base station to take advantage of this "vulnerability". If a bad actor has their hands on your base station then this flaw is the least of your worries. :)
1
0