Family traumatized after home monitoring system hacked by stranger

fox4kc.com
LONG ISLAND, N.Y. — A mother in Long Island says a stranger hacked her family’s Nest camera and tried having a conversation with her five-year-old son, according to WPIX.

Nest ads will show you beautiful images of mother nature captured on their outdoor cameras, life’s silly moments and even those moments when your child is up to no good.  But for this Long Island mother, the Nest cam she and her husband set up around their home to act as a nanny cam became a full-on nightmare.

“My son came running out of the playroom and found me in the kitchen and said ‘it’s not daddy talking to me. It’s not daddy.’”

Nearly every day, after school, this mother, who asked PIX11 to hide her identity, said her 5-year-old son chats with her husband through the Nest cam, a home monitoring system users can connect through their cell phones.  This time, however, it was a complete stranger on the other end.

“He asked my son if he took the school bus home and he was asking him about the toys he was playing with and when my son said ‘mommy, mommy,’ he told him to shut up,” she recalled.

When she walked into her child’s playroom, the ominous voice addressed her directly.

Now she is frightened and wonders how long a complete stranger was watching her family. Since this frightening violation, this mother called police, who, while sympathetic, said there was little they could do.

As for Nest?  She was simply told to change her password and switch to a two-factor verification when logging on, but for this mom it’s not enough. She wants to speak out to warn others about this potential danger lurking in their home.

A Nest spokesperson responded to our request for comment and issued this statement:

“We have seen instances where a small number of Nest customers have re-used passwords that were previously exposed through breaches on other websites, and made public. None of these breaches involved Nest. This exposes these customers to other people using the credentials to log into their Nest account. We are proactively alerting affected customers to reset their passwords and set up two-factor authentication, which adds another layer of account security. Customers can reach out to Nest customer support with questions or report anything suspicious to security@nest.com.”

Posted in Main | Leave a comment

Convicted Texas Door Knocker Gets 1-Year Jail Term, Fined $4K

In his Alarm Exchange newsletter, Ken Kirschenbaum examines the case of an alarm salesman who lost an appeal to overturn his conviction for shady sales practices.

   Jump to Comments
Convicted Texas Door Knocker Gets 1-Year Jail Term, Fined $4KAn alarm company salesman in Texas lost is appeal to overturn a 1-year jail term for duping an elderly woman into purchasing a bogus monitoring contract.

Beware to those door-knocking alarm salespeople who misrepresent themselves and prey upon unsuspecting or otherwise vulnerable customers. Your deceptive misdeeds do not always go unpunished.

Consider the case of a convicted alarm company salesman in Texas who has been slapped with a 1-year jail term and fined $4,000 for duping an elderly woman into purchasing a bogus monitoring contract.

In an installment of his Alarm Exchange newsletter, industry attorney Ken Kirschenbaum outlined details about the case in which the salesman appealed his original conviction on factual and technical grounds only to have an appellate court affirm the trial court’s decision.

The story of the salesman’s transgressions is, of course, all too familiar in the alarm industry. But as Kirschenbaum writes, while door-to-door sales tactics can be effective in stimulating sales it is the blatant deceptive business practices that are wholly unacceptable.

“In my opinion, it’s too bad that the company’s sale manager and even company president and owner [weren’t also prosecuted],” states Kirschenbaum, who pens SSI‘s “Legal Briefing” column. “They are the real culprits, probably training the door knocker and letting him loose, not to mention reaping the rewards of his illicit sales tactics and conduct.”

The following are quoted portions from the appellate court decision as presented in the Alarm Exchange newsletter:

The complainant was about 80-years-old at the time of the offense. She had a home security alarm system monitored by Central Security Group. There was a sign in the front of her yard with the name of the company on it.

Appellant was a door-to-door sales representative for Capital Connect, a different home security alarm monitoring company. On the day of the offense, appellant rang the complainant’s doorbell. When the complainant answered, appellant pointed to the sign in the yard and said, “I’m here to update your security.”

He said that he would put a light on her sign and make it more visible from the street. He did not say what company he worked for. He was not wearing a uniform, nametag, or anything to identify what company he worked for.

Believing that appellant worked for Central, the complainant invited appellant into her home. Appellant told her that installation of new features, such as wireless monitoring, would be “free.” Ultimately, the complainant signed a five-year alarm monitoring agreement with Capital at a higher monthly cost than her previous service with Central.

The complainant testified that, before she signed the new contract, she “kept telling him that I can’t do anything without my daughter’s approval” because the daughter “tends to all of my business.” The complainant testified that she realized appellant did not work for Central when he “presented the papers” to her. One of the documents the complainant signed was an “alarm upgrade agreement.”

The complainant initialed next to the statement: “I understand that Capital Connect has not bought, taken over or is in any way partnered with my current alarm monitoring company.”

The complainant also spoke on the phone with a representative from Capital while appellant was in her home, and a recording of the call was admitted as an exhibit at trial. When the representative asked the complainant who she was paying to monitor her alarm system, the complainant said, “Central.”

The representative asked whether the complainant was having a new alarm system installed because the prior company was going out of business, had been taken over, or was no longer able to perform monitoring services. The complainant responded, “No, I’m just changing it up.”

Later, they had the following exchange:

Representative: Do you understand that by accepting this offer you will be changing alarm companies?

Complainant: That I will what?

Representative: You will be changing alarm companies.

Complainant: I’m not understanding you.

Representative: Capital Connect is a separate company from Central and so I’m just verifying —

Complainant: Yes.

Representative: — that you understand that. Ok. Great. And you understand that moving forward that you will no longer be with Central and that your monitoring and billing will be performed by [Monitronics]?

Complainant: Right.

A few days later, the complainant canceled the new contract with Capital.

The State also introduced evidence regarding two additional instances when appellant had misled customers about who he worked for. The first witness testified that he was 80-years-old at the time of trial. In July 2016, the witness was returning home at about 8 p.m. when appellant walked up to the witness in the driveway.

Appellant had multiple “ID tags” or lanyards around his neck. The tags had the names of several companies, including Honeywell, Stanley and ADT. Appellant told the witness, “I’d like to talk to you about your alarm system, your burglar alarm. I see you have Stanley.”

For about 30 minutes while they were conversing, the witness thought appellant worked for Stanley — the witness’s then-current alarm monitoring company. The witness testified that appellant “probably misrepresented the fact that he was a Stanley operative.”

The witness testified that by the time he signed up for the new alarm system, he knew he was dealing with Capital.

The second witness testified that in June 2016, appellant came to the witness’s door. The witness testified that appellant “said that he wanted to talk to me about upgrading my security system, that he had seen the sign outside saying that I had ADT Security.”

Because appellant referred to the sign in the witness’s yard, the witness “assumed [appellant] was working for ADT.” While they were inside the house, the witness told his wife that appellant was “with ADT Security.”

Appellant did not correct the witness at that time. Appellant was inside the witness’s house for about 30 minutes before the witness realized that appellant did not work for ADT. The witness testified that the “first clue” that appellant did not work for ADT was the fact that the paperwork had “Capital Connect” written on it. The witness testified that he understood by the time he signed the contract that he was getting a Capital system.

The State, however, contends that the statute criminalizes conduct both leading up to and during the completion of a business transaction. Thus, the State contends that a “deceptive business practice can be committed in all aspects of the transaction and is not excused merely by a signature on a contract stating appropriate terms.”

Kirschenbaum agrees with the State, stating “The relevant inquiry does not focus on what the complainant knew at the time she signed the contract; instead, it focuses on what appellant did — what he represented — during the course of business.

Kirschenbaum goes on to say the representation must be made “in the course of business,” which includes “selling … serviceor property.” The statute does not criminalize conduct of a defendant only when the defendant is successful in perpetrating a fraud. Rather, the statute criminalizes the act of “representing” — an act that can occur before a completed transaction.

Kirschenbaum continues:

In this case, a rational juror could have understood the statutory word “representing” to include appellant’s conduct and statement immediately after he initiated contact with the elderly complainant at her front door — pointing to the Central sign and stating, “I’m here to update your security.”

A rational inference from this statement and conduct is that appellant was describing a Central Security Group alarm system, although he was not. Indeed, the complainant testified that appellant did not refer to a different company’s alarm system until appellant “presented the papers” to her after gaining entry to her home and discussing alarm system features with her.

Under the evidence in this case, a rational juror could have found that appellant represented that a commodity or service was of a particular style, grade or model when it was of another.

The State presented evidence regarding two uncharged extraneous offenses, which showed that appellant employed the same or similar tactic on other people. He pointed to their alarm system signs, for companies other than Capital, and misled the customers into believing that he worked for those companies.

In one instance, he wore multiple lanyards of different companies, and in the other instance, he failed to correct the customer’s statement that appellant worked for a company other than Capital. In both instances, the customers did not learn the true style, grade, or model of the alarm systems that appellant was peddling until nearly 30 minutes into the conversations.

Posted in Main | Leave a comment

Security Alarm Systems in Clearwater, Fla., Must Now Be Registered With Police

Amendments to the city’s security alarm system ordinance reflect the adoption of a new digital accounting system, along with modification to a fee payment schedule.

   Jump to Comments
Security Alarm Systems in Clearwater, Fla., Must Now Be Registered With PoliceThe Clearwater Police Department hired a web developer to create a new alarm registration system to manage online registry, oversee the issuance of citations and receive payments.

CLEARWATER, Fla. — Residents and business owners here are now required to register their security alarm systems with the police department, following revisions to a city ordinance.

Clearwater Police Chief Dan Slaughter appeared before the Clearwater City Council on March 12 to seek approval for the amendments to the ordinance. The city now requires that all residents and business owners who have a security alarm system to register with the police department, tbnweekly.com reports. For the past two decades, the police department had handled all permits and registrations manually.

“But now with the 20,000-plus customers we have in the city of Clearwater, the time has come for us to digitize and bring it up to date with current standards and current common practices,” Slaughter told council members.

The police department hired a Web developer to create a new system for the city to meet these needs, Slaughter said. The system will allow the department to manage the online registry and oversee the issuance of citations and to receive payments.

Changes to the ordinance reflect the adoption of the new digital system, the discontinuance of stickers which were given alarm system owners, and modification to the fee payment schedule, the website report. Citation payments are now required to be made within 30 days rather than 15 and the implementation of an escalating fee schedule.

“Where in the past we gave one free alarm per year, and then after that it was a $50 fine, now there will be an escalating scale,” Slaughter said, referring to when an officer responds to an alarm and it is later determined to be a false alarm.

According to Slaughter, there will be no fine for the first violation, but second through fifth violations will be $50 apiece, and six or more alarms would cost $100 per incident.

Should an alarm system owner not register their system with the police department and officers should respond to a break in at their home or business, they would be issued a $50 citation. However, that citation could be waived should the owner choose to register with the police department, the website reports.

Those owners who already have a valid permit and registration will be entered into the system by department personnel and need not reapply, unless changes to their systems have been made, Slaughter said.

Posted in Main | Leave a comment

Trump Authorizes PASS Act, Exempts Security Systems From DoE Energy Restrictions

President Trump signed the Power and Security Systems (PASS) Act that exempts security systems from having to abide by DoE’s no-load energy restrictions.

   Jump to Comments
Trump Authorizes PASS Act, Exempts Security Systems From DoE Energy RestrictionsPresident Donald Trump (pictured signing previous legislation) has signed into law legislation that allows security equipment to bypass the U.S. Department of Energy requirements to carry “no-load” in an energy efficiency mode.

WASHINGTON — President Donald Trump signed into law the Power and Security Systems (PASS) Act, P.L. 115-78, culminating a yearlong effort led by the Security Industry Association (SIA) to preserve an important provision in federal energy efficiency requirements critical to the operation of security and fire alarm systems.

“The PASS Act provides much-needed certainty to manufacturers, installers and service providers who are among thousands of Americans that work in the security industry,” SIA Director of Government Relations Jake Parker says. “But ultimately it benefits the millions of American consumers that depend on such security and life safety systems.”

Drafted with assistance from SIA and in collaboration with the energy efficiency community, the PASS Act extends a policy exempting security and life safety external power supplies (EPS) from having to meet a “no-load mode” energy efficiency standard, since they must always be connected and in active mode by design and no efficiency gains would result.

The new law makes the exemption essentially permanent by removing the July 1 expiration date on the exemption and providing the U.S. Department of Energy with authority to retain the common-sense policy in any future updates to energy efficiency standards governing external power supplies.

SIA led a coalition of industry groups in working with Congress to secure the exemption in 2011, which included a “sunset provision” — a common way of ensuring a new policy set forth in legislation is reviewed by Congress before becoming more permanent.

Preserving the exemption was a key concern for security manufactures and systems integrators. Without it, product redesign and adjustments to manufacturing processes would needlessly increase the cost of the equipment by 200% to 300%, according to industry estimates, affecting not just manufacturers but the entire value chain.

Enactment of this solution would not have been possible without the bipartisan leadership of the bill’s sponsors, Sens. Cory Gardner, R-Colo., and Maria Cantwell, D-Wash., as well as Reps. Peter Welch, D-Vt., and Susan Brooks, R-Ind. In the past two years, Gardner, Welch and Brooks have been recognized with SIA’s Legislator of the Year award for their support of this and other policies important to the security industry.

Posted in Main | Leave a comment

Hacked! Why Home Security Camera Installs Should Be Left to Pros

When selling video surveillance systems to would-be DIYs, remind customers about all the cybersecurity hacks out there, especially through IP cameras.

   Jump to Comments
Hacked! Why Home Security Camera Installs Should Be Left to ProsRemote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking.

Over the last year there have been several high-profile hacking events, including a distributed denial of service (DDoS) attack on Dyn, the Internet performance management company, which shut down major websites across the East Coast, and the much more recent Equifax breach.

Hackers are consistently working to take advantage of weaknesses, and security systems are a top target on their list. One of the more common devices in these systems is the IP camera  — it’s incredibly common, and many are inexpensive and poorly maintained.

Yet these products can be so simple and inexpensive for DIYs to install themselves, why would they need a pro for the job? Consider that getting the cameras and recorders up and running is the easy part. Maintaining these products and services over time is actually the hard part.

Manufacturers forget to mention this, even with a small asterisk, when they tell you, “It’s so easy your grandmother can do it.”

Remote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking. Recently, several surveillance manufacturers, including some really big ones, have announced known exploits on their systems that have comprised not only home security by the Internet in general. (See the running list at CVE, Common Vulnerabilities and Exposures.)

Breaches through cameras and other IoT devices remain a constant and ever-changing threat.  Professional installers should make sure the products are connected over a secure network, administered properly and updated constantly to ward off the latest Internet security threats.

In selling surveillance — even DIY products — remind clients that a security system is just like any piece of software that needs to be maintained and updated. New firmware is available on a regular basis to fix security threats, as well as address known issues and add new features (same is true for most connected devices).

Security systems should always be running on the latest available firmware, which requires them to be updated frequently. When given the option, do consumers press the “upgrade now” button or, like many of us, do they cancel and put it off to a later date?

As for home-technology pros, updates can consume quite a bit of time if done manually. To update the firmware of a handful of cameras and a recorder might take an hour. But multiply that across 25 sites and you are talking about significant time — and cost.

Thankfully, there are remote management systems that can ease this burden — simplifying the process and greatly reducing the time it takes to keep your customers’ security systems up to date. This includes instant notifications when new firmware is released, the ability to update remotely, and more.

Posted in Main | Leave a comment

Annual Revenue for Residential Monitored Security to Exceed $14B by 2020

New research by Parks Associates also shows that 20% of U.S. broadband households plan to purchase a network camera in the next 12 months.

   Jump to Comments
Annual Revenue for Residential Monitored Security to Exceed $14B by 2020 

DALLAS — New research by Parks Associates reveals that more than 26 million U.S. broadband households will have professionally monitored security by 2021, and that total annual revenue for professionally monitored security in U.S. households will exceed $14 billion by 2020.

“The residential security industry is changing along many dimensions,” says Tom Kerber, director of IoT Strategy, Parks Associates. “The addition of interactive services and home control products has expanded the market and changed the value chain and competitive landscape. Cable and telecom operators have entered the market with security services. New approaches to selling professional monitoring including self-installed solutions and on-demand monitoring services, and service providers are working to expand the market by connecting smart products to monitoring services.”

Another report titled, Smart Home Devices: User Experience, shows that security is the strongest driver for smart home adoption.

Among U.S. smart home device owners, 37% made the purchase to keep their home safe, while 29% wanted to monitor their home while away.

One-fifth of U.S. broadband households plan to purchase a smart all-in-one security product in the next 12 months, and another 20% plan to purchase a networked camera, according to the report.

“The residential security market has experienced continued growth, and the introduction of smart devices and services has opened new opportunities to bring more U.S. homes into the security market,” says Kerber. “Security providers must adapt to this trend and embrace the new IoT reality, which will expand the market for monitoring services and ultimately bring provider higher revenues.”

Posted in Main | Leave a comment

Robot Security Guard Drowns in Office Water Fountain

The Knightscope security robot has issued a statement after falling into a water fountain at an office and retail complex in Washington D.C.

Robot Security Guard Drowns in Office Water FountainPhoto Credit: Greg Pinelo‏

WASHINGTON, D.C. — A  K5 security robot by Knightscope was discovered face-down in the Washington Harbour office and retail complex water fountain yesterday afternoon.

The robot was on its daily rounds when it decided to roll down the stairs and into the fountain. It had only been patrolling for a few days according to a local office worker.

The robot, which is 5-feet tall and weighs 300 pounds, is designed to avoid confrontations. It uses sensors and analytics to detect unusual activity and report it back to humans to investigate.

Knightscope issued a statement saying the incident is under investigation, and described it as an “isolated incident.”

A new robot will be delivered to Washington Harbour this week for free.

Knightscope’s security robot made headlines this past April when a drunk man got into an altercation with one at the company’s HQ.

The man was charged with prowling and public intoxication, claiming to be an engineer who was “testing” the robot.

Of course a drowning robot has sent the internet into a frenzy. Fortunately, Knightscope has a good sense of humor about the situation, tweeting the following explanation from the security robot:knightscope security robot

Those who are worried about robots taking over the world should rest easy tonight — they can’t even swim yet.

Posted in Main | Leave a comment

7 Benefits of Having an Integrated Security System

From boosting productivity, to conflict resolution, integrating a security system can benefit businesses in many way

By Ahmad Hamidi · June 5, 2017

Business security is a complex issue that we tend to ignore until it’s too late. In today’s environment, putting up surveillance cameras or contracting a guard service provider is simply not enough from a security liability perspective.

Optimal security solutions can only be achieved by integrating security systems that fit each business’s unique requirements.

What is an Integrated Security System?

An integrated security system takes multi-layered security systems and integrates them into one solution. For example, a business can have the following security systems:

  • Video Surveillance
  • Access Control
  • Intrusion Alarm
  • P.A System
  • Uniformed Guard Service

Here is how an integrated security system can benefit your business.

1. Efficiency

 

Running a business comes with an abundant amount of high-order tasks, one of them being the company’s security. An integrated security system in any industry will allow businesses to flourish more effectively and efficiently.

Assigning a specific role for a specific person in regards to the different sectors of the integrated security system will allow the team member to utilize their skills, specifically in that area, ultimately ensuring the management team that the tasks assigned to that specific person will make a grand shift in the company’s efficiency.

2. Centralization

 

An integrated security system will allow a businesses security operations to become centralized. Management teams and business owners can now get a full report from one area rather then needing to speak to all areas of their integrated security system.

This not only is a time saver, but also allows a more organized work flow for businesses.

3. Theft Prevention

 

No matter what kind of industry one works in, they always have to be prepared for the unexpected theft. Whether internal theft or external theft, it can be overwhelming.

According to the Kroll Annual Global Theft Report, theft remains predominantly an inside job. The 2016 figures show that 60% of frauds are committed by insiders, up from 55% the year before. Ways to prevent moments like these is to integrate a specifically catered security system for your business.

4. Real Time Monitoring

 

With multiple security systems, business management teams are able to see what is going on within their facilities and areas of work instantly, if needed. However business owners and management teams don’t always spend all their time on the properties and can’t always ensure themselves that everything is running smoothly.

However, with real time monitoring, that task has turned into a simple system, accessible with a click of a button on your phone, tablet or computer.

5. Conflict Resolution

 

Some integrated security systems come with a package of video surveillance, access control, intrusion alarms, PA systems and uniformed guard services.

All of these elements will come forth if a problem were to arise in a work place, whether it be an internal/external burglary, attempted break-ins or just about any security threat that can occur at a business.

6. Boost Productivity

 

At any business, an integrated security system is a guarantee to boosting productivity in the workspace. According to Kristin Morgan at St. Francis University, “Employee monitoring is being used to increase customer satisfaction, improve employee performance and enhance productivity,”.

This allows business owners to monitor their employee activities as it is one of the most essential points in protecting their businesses from unwanted actions at the workplace.

7. Business Savings

 

In the long run, having an integrated security system will allow your business to save money and be protected. Otherwise, in the case of a theft, burglary or robbery, the business owners/management team would be held liable for all the losses with nowhere to turn to.

With an integrated security system, businesses have multiple outlets to look into and see what occurred, why it occurred or the possibility of those events not even taking place at all.

So organizations need to be proactive for their business security as failing to integrate the latest security system in your business can lead to an increased risk of a major security breach.

Posted in Main | Leave a comment

Alarm.com to Develop Drone Applications for Smart Home and Business Security

Alarmcom_drone_hovering_Alarmcom-Lab.jpgAt CES 2017, Alarm.com announced plans to develop autonomous, video-enabled drone applications to extend the capabilities of smart home and business security systems. Alarm.com’s multi-sensor awareness and property intelligence, together with the Qualcomm Snapdragon Flight drone platform, will deploy drones to investigate unexpected activity. The drones will be designed to autonomously navigate through the property and provide a high-resolution video feed to the property owner.

Alarm.com’s Insights Engine applies machine-learning algorithms to the growing data set generated by devices and sensors in a connected property. By recognizing complex activity patterns and detecting anomalies, Alarm.com can proactively respond to events on behalf of the user, the company reported. Alarm.com intends to leverage these insights to intelligently deploy video-enabled drones to the location where unexpected activity was detected or when an alarm was triggered. Strict, opt-in privacy controls will enable the property owner to easily share the video feed with a central monitoring station and emergency responders.

“This is a very interesting application for drones, which at their core are essentially flying cameras, and by using other advanced capabilities of our Snapdragon processors, Alarm.com is designing a whole new way to provide security to properties,” said Hugo Swart, senior director, product management, Qualcomm Technologies Inc. “The Qualcomm Snapdragon Flight platform pushes the boundaries of the drone industry and has led to many new form factors and use cases, and Alarm.com, with its security expertise, is taking commercial and residential security systems to the next level by integrating intelligent and cutting edge drones to its solutions.”

Daniel Kerzner, Alarm.com’s chief product officer, said, “Alarm.com has been a pioneer in the smart home and business security space. By analyzing data across the devices on our platform, we have created unique capabilities that make properties safer, smarter and more efficient. We’re excited to use Qualcomm Snapdragon Flight to develop similar applications for drones. Our intelligent drone deployment system will be designed to provide targeted video in response to specific events around a property, augmenting fixed location cameras and enhancing the active security perimeter for homes and businesses.”

Posted in Main | Leave a comment

SimpliSafe DIY Security System Investigation Yields Disturbing Results

DIY home security systems provider SimpliSafe has quickly amassed a large customer base. However, an independent forensic analysis shoots holes in the company’s model, claims and technology.

SimpliSafe — a DIY wireless alarm system that is shipped directly to consumers — ranges in price from $230-$540 depending on the package and equipment.

By Jeff Zwirn · November 1, 2016

 

Posing as an ordinary consumer, I recently purchased a SimpliSafe package in order to forensically investigate if claims about its products, compared to professional alarm contractors and the products that the alarm industry offers to the public, are accurate.

I also wanted to technically quantify if the representations of SimpliSafe offering an “advanced home security system” were factual.

To that end, I started by reading the SimpliSafe end-user and/or instruction manual. I then set up the system and proceeded to contact the Boston-headquartered company’s technical support department several times to ask about its products and services.

These questions were related to issues either not clarified and/or not disclosed through its website or in the system installation instructions.

What Exactly Is SimpliSafe?

SimpliSafe is a $229.96 and up to $539.95 and more (depending on the package and equipment) DIY wireless alarm system that is shipped to consumers directly.

The system consists of:

  • A base station
  • Keypad
  • Door contacts
  • Motion sensors
  • Glassbreak sensors
  • CO detectors
  • Smoke detectors
  • Water sensors
  • Freeze sensors
  • Wireless siren (in addition to the base station’s built-in siren)
  • Wireless panic button and/or keychain remote

The remote contains the SimpliSafe Easy Setup Wizard, a software program that provides animated instructions and allows system customization. The system uses an onboard cellular transmitter for central station monitoring. Subscribers receive text messages as well as other dispatch and notification services, standardly provided by central stations upon receipt of signals from the subscriber’s premises.

Subscribers do not sign annual or multiyear monitoring contracts, but instead are offered month-to-month monitoring at $14.99 per month.

SimpliSafe wants you to hide your base station with a lampshade.

In just a few years, the company has reportedly sold 200,000 systems … quite a success story. SimpliSafe’s website states that CEO and Chief Engineer Chad Laurans relied on his electrical engineering degree from Yale and an MBA from Harvard to design “an advanced home security system.”

The website goes on to state, “With so many people [meaning the alarm industry] making a profit, they need to use sneaky tactics to extract money from you. Their alarms use old wired technology and they’re hard to use (so you need to pay a service engineer for even the most straightforward task). SimpliSafe has sliced out shady annual contracts, intrusive installations and costly middlemen. We designed our system from scratch to give you everything you need in a security system plus some exciting bells and whistles.”

These audacious statements have drawn the ire of those within the security industry. And while that is enough for serious consternation, what is even more alarming, based on my findings, is that SimpliSafe has been concealing key information from the public with regard to its claims, assertions, systems and service.

Indeed, after inspecting the SimpliSafe equipment components, I identified what I believe are a profusion of irregularities.

The Complete System Is Not NRTL Listed

Let’s first look at the functional brains of the system: the base station.

While the wireless smoke detector and wireless carbon monoxide (CO) detectors are listed and labeled by Intertek, a Nationally Recognized Testing Laboratory (NRTL), and are in accordance with applicable statutory requirements of the National Electrical Code, NFPA 70 and UL standards, none of the other SimpliSafe devices are NRTL listed.

That includes, most importantly, the base station/control panel, which is required to be listed by an NRTL. The system manual references UL 985 and NFPA 72, but the fact that the base station is not listed is astonishingly absent from SimpliSafe’s website and marketing materials.

This means that only some of the system’s components are NRTL listed to UL Standards.

The purpose of independent third-party testing like this is to independently verify safety and reliability of the product to show that it meets universally adopted standards and codes.

Jeffrey Zwrin posed as an ordinary consumer to investigate SimpliSafe's products

Forensic alarm and security expert Jeff Zwirn puts a SimpliSafe system through its paces.

Such testing is required by NFPA 70 for the security and life-safety portions of the system when utilized, and is accepted as a nationally recognized industry standard and best practice.

The system’s base station is packaged together within an approximately 10.5-inch-high plastic lighted hub around the lower portion of its cone-type housing. Components in the system include:

  • Logic boards
  • A small siren
  • Cellular wireless radio transmitter
  • Wireless receiver
  • AC power input jack
  • Backup rechargeable batteries

Unlike an alarm control panel that is located in a basement or hidden in a closet, the sleek SimpliSafe base station is designed to be visible in the living area. Thus, it is more susceptible to physical destruction by an intruder, which would render the system nonfunctional and useless.

I was told by a SimpliSafe representative that the consumer, being me in this case, should consider placing a lampshade on top of it for a disguise.

At the same time, in response to questions I had for SimpliSafe, I received an email response and admissions stating in part that, while its base station is not UL Listed, it is tested (by the company itself) to meet UL standards. Importantly, there is no mention of the product meeting the compliance requirements, testing and successful listing mandates of UL 1023 and UL 985.

SimpliSafe does not use best practices

Therefore the information in the email is false. That is not the equivalent of the proper UL Listing. All of the system’s wireless keypads, sirens, key fobs, door and window transmitters, motion detectors and audio glass-break detectors are also not UL Listed or listed by any NRTL. There are also no tamper switches on any of the wireless transmitters.

So, if an intruder forcibly broke a glass window that only contained a contact, he could simply remove the cover of the transmitter to gain access to its internal battery. The SimpliSafe system would fail instantly.

This SimpliSafe design and equipment does not at all compare to what the professional alarm industry uses, is not “advanced,” and does not comport with nationally recognized industry standards and best practices.

 

Customer Service Reps Don’t Help

 

Continuing on with my investigative interview, I asked more questions of SimpliSafe’s support department representatives and the answers were remarkable.

 

The system manual curiously references UL 985, which is the UL standard for Household Fire Warning System Units. According to technical support representatives I spoke with, UL 985 means the transformer is to be secured to the wall with a bracket, which the company will send you for free if required.

 

Importantly, that is all the SimpliSafe tech support reps believe UL 985 requires to be provided, to the extent the local jurisdiction has the same requirement.

 

Not only was the information provided grossly inaccurate, but the plug-in portion of the system’s transformer that connects to the base station is not equipped to provide for restraining means, so it can easily be unplugged, accidentally or otherwise. Stated differently, the wireless smoke and CO detectors that SimpliSafe provides to consumers are listed, but the base station that receives the signal, activates an alarm and notifies the remote supervising station is not.

 

Therefore, SimpliSafe products are not in compliance with nationally recognized industry standards and best practices. They do not even meet Radio Shack control panel standards of the past as even this equipment was UL Listed.

 

Ineffective Sirens and Alarms

 

Moreover, I was advised by the SimpliSafe customer service rep that if a burglar alarm, panic alarm, smoke detector or CO detector activates, the system’s siren does not have the technical capability to distinctly sound such that the consumer could discriminate among the sources of impending danger.

 

This critical feature is required by NFPA 72 of The National Fire Alarm and Signaling Code. It was required in the National Fire Alarm Code as well, for fire alarm and CO detector equipment, through the use of Temporal 3 and Temporal 4 sounding.

 

SimpliSafe is extremely prone to hacking. It also doesn't help that the home station is in plain sight for intruders

 

Instead, the SimpliSafe consumer does not know what caused the alarm and must go to the keypad to retrieve that information, or await a text message, wasting critical time before knowing the nature of danger detected by the system. The latter assumes their cellphone is on and/or that it has functional wireless connectivity.

 

The wireless SimpliSafe siren is not properly supervised and not listed, plus the system’s base station and the central station do not receive any trouble signal if the unit fails. Only a local beep sounds during certain times when its batteries get low. This configuration alone does not meet the mandates and requirements set forth in NFPA 72 or applicable UL standards, and does not meet nationally recognized industry standards and best practices.

 

Also, the siren is not listed by an NRTL. Without proper supervision and reliable audibility, the occupants of the home will not be promptly alerted and warned of a life-safety emergency.

 

Additionally, consumers are not likely to recognize the importance of having sounders that are loud enough and in the right locations in order to alert and warn them of an emergency.

 

There is no warning in the SimpliSafe manual to instruct the end user about how important audibility is on all life-safety systems. It should also be noted that the base station has an onboard siren measuring approximately 2.25 inches in diameter integrated into its bottom.

 

SimpliSafe represents the siren produces 85dBs of sound. However, since the siren is facing downward, and is partially enclosed in the base station, I found it to be muffled during activations. The wireless, non-supervised siren is represented by SimpliSafe to be 105dB.

 

Simplisafe uses an outside monitoring agency, just like the alarm companies it bashes

 

Company personnel advised me it can be installed outdoors, even though it has no tamper switches and is not listed or recognized to be placed in an outside environment, or even designed to any standard to be exposed to the elements.

 

So if the SimpliSafe system activates due to detection of a life-safety emergency from a wireless smoke or CO detector in the basement of the home (with the base station of the system on the first floor), anyone sleeping on the second floor would have difficulty being alerted in accordance with NFPA 72 audibility requirements. They, in part, require the fire alarm sounder to be 15dBs over the ambient noise level at pillow.

 

The company rep I spoke with said NFPA 72 has nothing to say about sirens. Even though the system’s manual references NFPA 72, when I asked the tech support rep if he had a copy of it, I was told SimpliSafe is a paperless company and that I should Google it.

 

The System Relies on Pro Monitoring

 

The in-house rep also told me that SimpliSafe’s components are better because they are wireless. However, they do not have encrypted wireless technology available.

 

I was also told its wireless smoke and CO detectors cover 300 square feet. Typically, smoke detectors sold by the professional alarm industry protect an area of up to 900 square feet. And CO detectors, which are time-based to only detect high levels of CO starting at 70 ppm, take 60-240 minutes sustained at the detector before an alarm activation will occur under UL 2034.

 

The company rep reiterated the marketing claim that SimpliSafe is the better alternative to professional alarm systems since you cannot cut any wiring. But the cutting of any protective loop wiring on a normally closed burglary alarm circuit triggers the alarm system; it does not impair it.

 

The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.

The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.

 

The base station, which has a blue light on it, is recommended to be mounted near a window. So the unit would be vulnerable to an intruder to render it nonfunctional.

 

It should be noted that when the system goes into alarm its blue light turns off, supposedly making it difficult for an intruder to find it. But the sound of the system’s onboard siren still comes from its base station, which in my opinion makes it easily identifiable with or without the light.

 

Plus, all an intruder would need to do to know how the system works (and can be defeated) is to note SimpliSafe’s decals or yard signs, and then reference its website.

 

With regard to system monitoring, SimpliSafe uses a nationally known subcontract UL-Listed Five Diamond CSAA Central Monitoring Station whose primary target audience is professional alarm dealers. That’s interesting since SimpliSafe’s broad marketing brushstroke, with its powerful Internet and social media campaigns, is intent on damaging the reputation of professional alarm companies while the company uses the same type of monitoring services itself.

 

In the SimpliSafe manual, it states the system should be tested by a “qualified” technician every three years, which came from earlier editions of NFPA 72. However, the 2010 edition of NFPA, per Table 14.3.1, requires annual testing. I asked the rep who that would be, meaning who would the consumer call? Would I have to call an alarm company to perform this test?

 

SimpliSafe products are not in compliance with nationally recognized industry standards and best practices … they do not even meet Radio Shack control panel standards of the past.

 

I was advised by the rep that the local fire marshal would do this task. However, NFPA 72 defines what a qualified technician is and fire marshals generally do not have the core qualifications, let alone perform this service for consumers or have the time to do so.

 

On another call to SimpliSafe support, I was told a handyman or a “certified” handyman (certified in what, I thought) could perform the task. If unqualified persons test life-safety systems, as recommended by SimpliSafe, the results may be unreliable and potentially catastrophic to persons relying on these systems during an emergency.

 

Lastly, a rep stated the company could test the system over the phone with the customer, which again is not the intent of this NFPA 72 requirement.

 

SimpliSafe also states that its base station contains eight hours of standby time if the primary AC transformer power fails to the system. However, for systems equipped with life-safety detectors, NFPA 72 mandates and requires 24 hours of standby time when primary power fails to a control panel set, in addition to four minutes of alarm time.

 

How can any company refer its customers to NFPA 72 in its installation manual yet not be familiar with NFPA 72 or design its products to be in compliance with it?

 

Monitoring Is Nontransferable

 

Focusing on training, the rep told me they get their training directly from SimpliSafe in-house, and that the company’s president cares about his employees and customers. SimpliSafe touts you can sign up on a month-to-month contract and not be locked in to a long-term monitoring contract by the alarm industry. When I asked if I can cancel its monitoring and contract with another central station, I was given a flat-out no, and the news that I would be left with a local alarm system only.

 

Therefore, by design, SimpliSafe sells its monitored product and if you cancel, the system cannot be monitored by any other central station (ever).

 

SimpliSafe should disclose this to consumers, as it is clearly relevant. At least with so-called long-term monitoring contracts, most alarm companies will allow the customer to contract with another central station at the conclusion of the monitoring contract.

 

Coming full circle, in no way should SimpliSafe’s system be considered as providing advanced or comprehensive security. In my opinion, the company’s actions and inactions demonstrate a disregard for its consumers and their families, who rely on SimpliSafe for security and life safety.

 

SimpliSafe should take responsibility and address the aforementioned serious defects and irregularities, many of which the average consumer would not be aware of yet incur the potential negative outcomes as a consequence.

 

The business of security is a serious one, and no one should ever be sold a product that provides a false sense of security or does not fully comply with nationally recognized industry standards and best practices.

 

 

 

Posted in Main | Leave a comment