Update on Simplisafe….

A couple of years ago I wrote this piece warning about snake oil in sales pitches.  I wasn’t able to get my hands on the hardware to do my test but I knew there were most likely going to be serious flaws. I had stated I was more than willing to do an analysis for free if sent a sample product. Honestly I kind of wish I had bought one, because this shit is gold:

It appears SimpliSafe’s systems send messages unencrypted in the clear over the air. That means it’s trivial to send spoofed sensor readings – such as back-door closed – to fool alarm control boxes into thinking no break-in is happening, and replay PIN codes from keypads to activate or deactivate security systems.

blink This shit’s a joke right? An honest to god joke. This is so blatantly bad it is obvious someone made a proof of concept and then shipped it as a product.

The only thing that is worse is their canned response to the problem:

Thanks for writing in.
Please read this information below there hasn’t been any cases or situations.

Good freaking god, that’s as bad as the incident I had with Dreamhost.

If you have Simplisafe, ditch it. You’re keys are being broadcast to the world.

 

Quote of the Day – Tim Cook (2/17/2016)

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook – A Message to Our Customers

February 16, 2016


[First, go read the whole thing; all of it. There are different things that can be used for quotes, but that final line says it all.

If you’re having trouble understanding why they wouldn’t help the government there’s a couple different things going on here. If you read their security document for iOS there is little that can actually be done. While no one on this side of the fence is supporting the actions of those asshats that shot up a Christmas party the most common argument I’ve seen has been appeal to emotion to catch those that supported them.

Yes, I want to catch them. Then break into their phone!!! Apple is aiding and abetting by not helping. No they’re not because there’s a lot more at stake than just one phone despite the claims by the government. Anything they build can be used against any other iPhone. Not only that, if it falls into the wrong hands it can be used for criminal enterprise.

Tim used the following line as well:

Criminals and bad actors will still encrypt, using tools that are readily available to them.

This is most definitely true. As pointed out to me by Ashley, if you replace the words and shift the subject this reads like letter from the President of the NRA.

I came to the following realization which cements just how important and how right this stance is. What the FBI wants fails the Jews in the Attic test. To think that this will only be used in this one case is naïve and without forethought.  There is no way you will keep a genie like this in the bottle. At some point it’s going to get out and it’s not going be pretty.

Say what you will about Apple, but at least they have the balls to stand up and not just play dead due to an “Appeal to Emotion.” -B ]