This alarm clock will steal the covers right off your bed

When you hear the words “Arduino alarm clock,” likely you think of something that uses a real-time clock (RTC) module to wake one up in a creative way, perhaps with light patterns or pleasant sounds. Though creative, the Duvet Eating Alarm Clock is not pleasant, literally ripping the covers off of your bed for a very “rude awakening.”

This project, the brainchild of YouTuber “1up Living,” uses a modified mechanical alarm clock to signal an Arduino Uno to start the duvet stealing machine. A powerful winch turns a custom-made drum that progressively wraps the bed cover around it, leaving no option but to get up and get dressed!

If you need a little more motivation in the morning, you can find 1up Living’s build instructions here.

Arduino Blog

Bullguard researchers find serious flaws in smart home alarm

Bullguard researchers find serious flaws in smart home alarm

A team of researchers at security specialist Bullguard has identified a range of serious flaws in a connected burglar alarm.

Security researchers at the company found vulnerabilities that could allow hackers to access and penetrate iSmartAlarm devices and control a number of functions, including turning the alarms on and off and activating their sirens.

These vulnerabilities mean that tech-savvy burglars could hack into alarms and turn them off before targeting those homes. Worse still, they’d likely get away with the crime.

Basic security lacking

Ilia Shnaidman, Bullguard’s head of security research, led the study of iSmartAlarm’s vulnerabilities and details his findings in a blog post on the company’s website.

He said that the flaws found in the iSmartAlarm device further prove that many connected devices are poorly engineered and easy targets for cyber criminals.

A hacker, according to Schnaidman, would be able to have full control of the device and all its features thanks to these flaws. Functions include a siren, smart cameras and locks.

It’s one of the new breed of alarm devices coming onto the market, giving users the ability to check on their homes and assets via a mobile app.

“Once an attacker infiltrates the home/business network and finds such a device, they could fully compromise the device. It is needless to list the potential damages of a compromised physical security system such as alarm system,” he writes.

Read more: Bullguard CEO: “A safer smart home shouldn’t be complicated.”

Compromised customer data

More worrying still, the researchers found that hackers could get access to iSmartAlarm customer data, including users’ names and addresses, “creating a perfect scenario for cyber-assisted crime,” writes Shnaidman. 

Demonstrating the seriousness of the security flaws here, Schnaidman explains how the device communicates with its back-end on tcp port 8443.

While that’s pretty technical, this basically means the iSmartAlarm Cube doesn’t check if the SSL certificate from the server is authentic. “The Cube does not validate the authenticity of the SSL certificate presented by the server during the initial SSL handshake. So after forging a self-signed certificate, I was able to see and control the traffic to and from the backend,” Shnaidman writes. 

During his research project, he aimed to find out how the mobile app and Cube communicate with each other, in a bid to find ways to control the alarm remotely without using the app. There are two modes: the first option is when the Cube and app are functioning on the same network, while the other is when they operate on separate ones.

“While examining the first mode, I was able to sniff the encrypted traffic between the cube and the app on tcp port 12345,” he wrote in the blog post.

When the Cube and app communicate directly over a LAN, Shnaidman found he could cause even more damage to the cube and stop it running completely.

“While running a DoS attack on the cube, the legitimate user loses control over the alarm system, and he or she is not capable of operating it, neither remotely nor locally,” he added.

Read more: BullGuard Dojo: Bow to your IoT sensei

Keeping users safe?

Like any responsible ‘white hat’ hacker, Shnaidman contacted iSmartAlarm about the vulnerabilities back in January, and the company responded, requesting details. However, once these had been provided, Shnaidman received no further response from iSmartAlarm and thus made his findings known to CERT, the US Computer Emergency Readiness Team in the Department of Homeland Security. This is the body that issues disclosed flaws with a CVE [common vulnerabilities and exposures] identification code. In this case, five separate CVEs were issued.

Liviu Arsene, a senior e-threat analyst from Bitdefender, told Internet of Business that many connected devices lack the basic security functionalities needed to keep users safe.  

“Security researchers have often found IoT devices lacking even basic security features making them not just vulnerable, but sometimes even impossible to patch,” he said.

“Considering that all these devices are usually connected to the same primary home network Wi-Fi, an attacker could use these vulnerable IoTs as a gateway to breach other home network devices, such as laptops, computers and even your router.”

Read more: Smart home security could be targeted by hackers

The post Bullguard researchers find serious flaws in smart home alarm appeared first on Internet of Business.

Internet of Business

Monitored alarm systems in Europe and North America reached 41 million at the end of 2016

Monitored alarm systems in Europe and North America reached 41 million at the end of 2016

According to a new research report by Berg Insight, the number of monitored alarm systems in Europe is forecasted to grow from 8.7 million in 2016 at a compound annual growth rate (CAGR) of 4.0 percent to reach 10.6 million in 2021.

In North America, the number of monitored alarm systems is forecasted to grow at a CAGR of 2.9 percent from 32.1 million at the end of 2016 to 37.1 million at the end of 2021.

Small alarm systems for businesses and private homes can be divided into two main categories – local alarms and monitored alarms. The simplest type of local alarm only reacts to activation by ringing bells to alert the surroundings and scare off intruders. A more advanced type of local alarm is a self-monitoring alarm. Monitored alarms are connected to an Alarm Receiving Centre (ARC) that can respond to an activated alarm by contacting the police or dispatching a security patrol.

ADT is the leading provider of monitored alarm systems in North America. In 2016, ADT merged with Protection 1, which makes the combined company the clear market leader. Vivint and MONI Smart Security are other players with well over a million monitored alarms. Comcast and Slomin’s are two other major actors on the very fragmented North American market. Verisure is the leading player on the European market, with monitored alarms in a dozen countries. Securitas, G4S and the rising star Sector Alarm are all sizeable players, especially in the northern part of Europe. In the southern part of Europe, Prosegur and EPS are two dominant players. United Technologies Corporation with its Climate, Controls & Security business as well as Stanley Security and Johnson Controls (acquired Tyco in 2016) are also important players active in both Europe and North America.

cellular m2m connections in security applications 2015-2021There is still a significant growth potential for monitored small alarm systems, especially in Europe where the total penetration reached only 3.7 percent of all businesses and households at the end of 2016. “The penetration of monitored alarm systems in North America is much higher than in Europe and the corresponding figure was in this region 22.0 percent at the end of 2016”, says Anders Frick, Senior Analyst at Berg Insight.

The most important factor for market growth today is active marketing and sales led by specialist alarm service companies and new market entrants from the home automation industry.

Mr Frick concluded:

“Alarm systems are becoming more valuable for customers as the scope of offerings are being expanded to include detection of fire, carbon monoxide and water leaks, as well as home automation features such as smart plugs, locks, cameras, lighting and thermostat control.”

Download report brochure: Security Applications and Wireless M2M

The post Monitored alarm systems in Europe and North America reached 41 million at the end of 2016 appeared first on IoT Business News.

IoT Business News