Security Alarm Systems in Clearwater, Fla., Must Now Be Registered With Police

Amendments to the city’s security alarm system ordinance reflect the adoption of a new digital accounting system, along with modification to a fee payment schedule.

   Jump to Comments
Security Alarm Systems in Clearwater, Fla., Must Now Be Registered With PoliceThe Clearwater Police Department hired a web developer to create a new alarm registration system to manage online registry, oversee the issuance of citations and receive payments.

CLEARWATER, Fla. — Residents and business owners here are now required to register their security alarm systems with the police department, following revisions to a city ordinance.

Clearwater Police Chief Dan Slaughter appeared before the Clearwater City Council on March 12 to seek approval for the amendments to the ordinance. The city now requires that all residents and business owners who have a security alarm system to register with the police department, tbnweekly.com reports. For the past two decades, the police department had handled all permits and registrations manually.

“But now with the 20,000-plus customers we have in the city of Clearwater, the time has come for us to digitize and bring it up to date with current standards and current common practices,” Slaughter told council members.

The police department hired a Web developer to create a new system for the city to meet these needs, Slaughter said. The system will allow the department to manage the online registry and oversee the issuance of citations and to receive payments.

Changes to the ordinance reflect the adoption of the new digital system, the discontinuance of stickers which were given alarm system owners, and modification to the fee payment schedule, the website report. Citation payments are now required to be made within 30 days rather than 15 and the implementation of an escalating fee schedule.

“Where in the past we gave one free alarm per year, and then after that it was a $50 fine, now there will be an escalating scale,” Slaughter said, referring to when an officer responds to an alarm and it is later determined to be a false alarm.

According to Slaughter, there will be no fine for the first violation, but second through fifth violations will be $50 apiece, and six or more alarms would cost $100 per incident.

Should an alarm system owner not register their system with the police department and officers should respond to a break in at their home or business, they would be issued a $50 citation. However, that citation could be waived should the owner choose to register with the police department, the website reports.

Those owners who already have a valid permit and registration will be entered into the system by department personnel and need not reapply, unless changes to their systems have been made, Slaughter said.

Posted in Main | Leave a comment

Trump Authorizes PASS Act, Exempts Security Systems From DoE Energy Restrictions

President Trump signed the Power and Security Systems (PASS) Act that exempts security systems from having to abide by DoE’s no-load energy restrictions.

   Jump to Comments
Trump Authorizes PASS Act, Exempts Security Systems From DoE Energy RestrictionsPresident Donald Trump (pictured signing previous legislation) has signed into law legislation that allows security equipment to bypass the U.S. Department of Energy requirements to carry “no-load” in an energy efficiency mode.

WASHINGTON — President Donald Trump signed into law the Power and Security Systems (PASS) Act, P.L. 115-78, culminating a yearlong effort led by the Security Industry Association (SIA) to preserve an important provision in federal energy efficiency requirements critical to the operation of security and fire alarm systems.

“The PASS Act provides much-needed certainty to manufacturers, installers and service providers who are among thousands of Americans that work in the security industry,” SIA Director of Government Relations Jake Parker says. “But ultimately it benefits the millions of American consumers that depend on such security and life safety systems.”

Drafted with assistance from SIA and in collaboration with the energy efficiency community, the PASS Act extends a policy exempting security and life safety external power supplies (EPS) from having to meet a “no-load mode” energy efficiency standard, since they must always be connected and in active mode by design and no efficiency gains would result.

The new law makes the exemption essentially permanent by removing the July 1 expiration date on the exemption and providing the U.S. Department of Energy with authority to retain the common-sense policy in any future updates to energy efficiency standards governing external power supplies.

SIA led a coalition of industry groups in working with Congress to secure the exemption in 2011, which included a “sunset provision” — a common way of ensuring a new policy set forth in legislation is reviewed by Congress before becoming more permanent.

Preserving the exemption was a key concern for security manufactures and systems integrators. Without it, product redesign and adjustments to manufacturing processes would needlessly increase the cost of the equipment by 200% to 300%, according to industry estimates, affecting not just manufacturers but the entire value chain.

Enactment of this solution would not have been possible without the bipartisan leadership of the bill’s sponsors, Sens. Cory Gardner, R-Colo., and Maria Cantwell, D-Wash., as well as Reps. Peter Welch, D-Vt., and Susan Brooks, R-Ind. In the past two years, Gardner, Welch and Brooks have been recognized with SIA’s Legislator of the Year award for their support of this and other policies important to the security industry.

Posted in Main | Leave a comment

Hacked! Why Home Security Camera Installs Should Be Left to Pros

When selling video surveillance systems to would-be DIYs, remind customers about all the cybersecurity hacks out there, especially through IP cameras.

   Jump to Comments
Hacked! Why Home Security Camera Installs Should Be Left to ProsRemote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking.

Over the last year there have been several high-profile hacking events, including a distributed denial of service (DDoS) attack on Dyn, the Internet performance management company, which shut down major websites across the East Coast, and the much more recent Equifax breach.

Hackers are consistently working to take advantage of weaknesses, and security systems are a top target on their list. One of the more common devices in these systems is the IP camera  — it’s incredibly common, and many are inexpensive and poorly maintained.

Yet these products can be so simple and inexpensive for DIYs to install themselves, why would they need a pro for the job? Consider that getting the cameras and recorders up and running is the easy part. Maintaining these products and services over time is actually the hard part.

Manufacturers forget to mention this, even with a small asterisk, when they tell you, “It’s so easy your grandmother can do it.”

Remote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking. Recently, several surveillance manufacturers, including some really big ones, have announced known exploits on their systems that have comprised not only home security by the Internet in general. (See the running list at CVE, Common Vulnerabilities and Exposures.)

Breaches through cameras and other IoT devices remain a constant and ever-changing threat.  Professional installers should make sure the products are connected over a secure network, administered properly and updated constantly to ward off the latest Internet security threats.

In selling surveillance — even DIY products — remind clients that a security system is just like any piece of software that needs to be maintained and updated. New firmware is available on a regular basis to fix security threats, as well as address known issues and add new features (same is true for most connected devices).

Security systems should always be running on the latest available firmware, which requires them to be updated frequently. When given the option, do consumers press the “upgrade now” button or, like many of us, do they cancel and put it off to a later date?

As for home-technology pros, updates can consume quite a bit of time if done manually. To update the firmware of a handful of cameras and a recorder might take an hour. But multiply that across 25 sites and you are talking about significant time — and cost.

Thankfully, there are remote management systems that can ease this burden — simplifying the process and greatly reducing the time it takes to keep your customers’ security systems up to date. This includes instant notifications when new firmware is released, the ability to update remotely, and more.

Posted in Main | Leave a comment

Annual Revenue for Residential Monitored Security to Exceed $14B by 2020

New research by Parks Associates also shows that 20% of U.S. broadband households plan to purchase a network camera in the next 12 months.

   Jump to Comments
Annual Revenue for Residential Monitored Security to Exceed $14B by 2020 

DALLAS — New research by Parks Associates reveals that more than 26 million U.S. broadband households will have professionally monitored security by 2021, and that total annual revenue for professionally monitored security in U.S. households will exceed $14 billion by 2020.

“The residential security industry is changing along many dimensions,” says Tom Kerber, director of IoT Strategy, Parks Associates. “The addition of interactive services and home control products has expanded the market and changed the value chain and competitive landscape. Cable and telecom operators have entered the market with security services. New approaches to selling professional monitoring including self-installed solutions and on-demand monitoring services, and service providers are working to expand the market by connecting smart products to monitoring services.”

Another report titled, Smart Home Devices: User Experience, shows that security is the strongest driver for smart home adoption.

Among U.S. smart home device owners, 37% made the purchase to keep their home safe, while 29% wanted to monitor their home while away.

One-fifth of U.S. broadband households plan to purchase a smart all-in-one security product in the next 12 months, and another 20% plan to purchase a networked camera, according to the report.

“The residential security market has experienced continued growth, and the introduction of smart devices and services has opened new opportunities to bring more U.S. homes into the security market,” says Kerber. “Security providers must adapt to this trend and embrace the new IoT reality, which will expand the market for monitoring services and ultimately bring provider higher revenues.”

Posted in Main | Leave a comment

Robot Security Guard Drowns in Office Water Fountain

The Knightscope security robot has issued a statement after falling into a water fountain at an office and retail complex in Washington D.C.

Robot Security Guard Drowns in Office Water FountainPhoto Credit: Greg Pinelo‏

WASHINGTON, D.C. — A  K5 security robot by Knightscope was discovered face-down in the Washington Harbour office and retail complex water fountain yesterday afternoon.

The robot was on its daily rounds when it decided to roll down the stairs and into the fountain. It had only been patrolling for a few days according to a local office worker.

The robot, which is 5-feet tall and weighs 300 pounds, is designed to avoid confrontations. It uses sensors and analytics to detect unusual activity and report it back to humans to investigate.

Knightscope issued a statement saying the incident is under investigation, and described it as an “isolated incident.”

A new robot will be delivered to Washington Harbour this week for free.

Knightscope’s security robot made headlines this past April when a drunk man got into an altercation with one at the company’s HQ.

The man was charged with prowling and public intoxication, claiming to be an engineer who was “testing” the robot.

Of course a drowning robot has sent the internet into a frenzy. Fortunately, Knightscope has a good sense of humor about the situation, tweeting the following explanation from the security robot:knightscope security robot

Those who are worried about robots taking over the world should rest easy tonight — they can’t even swim yet.

Posted in Main | Leave a comment

7 Benefits of Having an Integrated Security System

From boosting productivity, to conflict resolution, integrating a security system can benefit businesses in many way

By Ahmad Hamidi · June 5, 2017

Business security is a complex issue that we tend to ignore until it’s too late. In today’s environment, putting up surveillance cameras or contracting a guard service provider is simply not enough from a security liability perspective.

Optimal security solutions can only be achieved by integrating security systems that fit each business’s unique requirements.

What is an Integrated Security System?

An integrated security system takes multi-layered security systems and integrates them into one solution. For example, a business can have the following security systems:

  • Video Surveillance
  • Access Control
  • Intrusion Alarm
  • P.A System
  • Uniformed Guard Service

Here is how an integrated security system can benefit your business.

1. Efficiency

 

Running a business comes with an abundant amount of high-order tasks, one of them being the company’s security. An integrated security system in any industry will allow businesses to flourish more effectively and efficiently.

Assigning a specific role for a specific person in regards to the different sectors of the integrated security system will allow the team member to utilize their skills, specifically in that area, ultimately ensuring the management team that the tasks assigned to that specific person will make a grand shift in the company’s efficiency.

2. Centralization

 

An integrated security system will allow a businesses security operations to become centralized. Management teams and business owners can now get a full report from one area rather then needing to speak to all areas of their integrated security system.

This not only is a time saver, but also allows a more organized work flow for businesses.

3. Theft Prevention

 

No matter what kind of industry one works in, they always have to be prepared for the unexpected theft. Whether internal theft or external theft, it can be overwhelming.

According to the Kroll Annual Global Theft Report, theft remains predominantly an inside job. The 2016 figures show that 60% of frauds are committed by insiders, up from 55% the year before. Ways to prevent moments like these is to integrate a specifically catered security system for your business.

4. Real Time Monitoring

 

With multiple security systems, business management teams are able to see what is going on within their facilities and areas of work instantly, if needed. However business owners and management teams don’t always spend all their time on the properties and can’t always ensure themselves that everything is running smoothly.

However, with real time monitoring, that task has turned into a simple system, accessible with a click of a button on your phone, tablet or computer.

5. Conflict Resolution

 

Some integrated security systems come with a package of video surveillance, access control, intrusion alarms, PA systems and uniformed guard services.

All of these elements will come forth if a problem were to arise in a work place, whether it be an internal/external burglary, attempted break-ins or just about any security threat that can occur at a business.

6. Boost Productivity

 

At any business, an integrated security system is a guarantee to boosting productivity in the workspace. According to Kristin Morgan at St. Francis University, “Employee monitoring is being used to increase customer satisfaction, improve employee performance and enhance productivity,”.

This allows business owners to monitor their employee activities as it is one of the most essential points in protecting their businesses from unwanted actions at the workplace.

7. Business Savings

 

In the long run, having an integrated security system will allow your business to save money and be protected. Otherwise, in the case of a theft, burglary or robbery, the business owners/management team would be held liable for all the losses with nowhere to turn to.

With an integrated security system, businesses have multiple outlets to look into and see what occurred, why it occurred or the possibility of those events not even taking place at all.

So organizations need to be proactive for their business security as failing to integrate the latest security system in your business can lead to an increased risk of a major security breach.

Posted in Main | Leave a comment

Alarm.com to Develop Drone Applications for Smart Home and Business Security

Alarmcom_drone_hovering_Alarmcom-Lab.jpgAt CES 2017, Alarm.com announced plans to develop autonomous, video-enabled drone applications to extend the capabilities of smart home and business security systems. Alarm.com’s multi-sensor awareness and property intelligence, together with the Qualcomm Snapdragon Flight drone platform, will deploy drones to investigate unexpected activity. The drones will be designed to autonomously navigate through the property and provide a high-resolution video feed to the property owner.

Alarm.com’s Insights Engine applies machine-learning algorithms to the growing data set generated by devices and sensors in a connected property. By recognizing complex activity patterns and detecting anomalies, Alarm.com can proactively respond to events on behalf of the user, the company reported. Alarm.com intends to leverage these insights to intelligently deploy video-enabled drones to the location where unexpected activity was detected or when an alarm was triggered. Strict, opt-in privacy controls will enable the property owner to easily share the video feed with a central monitoring station and emergency responders.

“This is a very interesting application for drones, which at their core are essentially flying cameras, and by using other advanced capabilities of our Snapdragon processors, Alarm.com is designing a whole new way to provide security to properties,” said Hugo Swart, senior director, product management, Qualcomm Technologies Inc. “The Qualcomm Snapdragon Flight platform pushes the boundaries of the drone industry and has led to many new form factors and use cases, and Alarm.com, with its security expertise, is taking commercial and residential security systems to the next level by integrating intelligent and cutting edge drones to its solutions.”

Daniel Kerzner, Alarm.com’s chief product officer, said, “Alarm.com has been a pioneer in the smart home and business security space. By analyzing data across the devices on our platform, we have created unique capabilities that make properties safer, smarter and more efficient. We’re excited to use Qualcomm Snapdragon Flight to develop similar applications for drones. Our intelligent drone deployment system will be designed to provide targeted video in response to specific events around a property, augmenting fixed location cameras and enhancing the active security perimeter for homes and businesses.”

Posted in Main | Leave a comment

SimpliSafe DIY Security System Investigation Yields Disturbing Results

DIY home security systems provider SimpliSafe has quickly amassed a large customer base. However, an independent forensic analysis shoots holes in the company’s model, claims and technology.

SimpliSafe — a DIY wireless alarm system that is shipped directly to consumers — ranges in price from $230-$540 depending on the package and equipment.

By Jeff Zwirn · November 1, 2016

 

Posing as an ordinary consumer, I recently purchased a SimpliSafe package in order to forensically investigate if claims about its products, compared to professional alarm contractors and the products that the alarm industry offers to the public, are accurate.

I also wanted to technically quantify if the representations of SimpliSafe offering an “advanced home security system” were factual.

To that end, I started by reading the SimpliSafe end-user and/or instruction manual. I then set up the system and proceeded to contact the Boston-headquartered company’s technical support department several times to ask about its products and services.

These questions were related to issues either not clarified and/or not disclosed through its website or in the system installation instructions.

What Exactly Is SimpliSafe?

SimpliSafe is a $229.96 and up to $539.95 and more (depending on the package and equipment) DIY wireless alarm system that is shipped to consumers directly.

The system consists of:

  • A base station
  • Keypad
  • Door contacts
  • Motion sensors
  • Glassbreak sensors
  • CO detectors
  • Smoke detectors
  • Water sensors
  • Freeze sensors
  • Wireless siren (in addition to the base station’s built-in siren)
  • Wireless panic button and/or keychain remote

The remote contains the SimpliSafe Easy Setup Wizard, a software program that provides animated instructions and allows system customization. The system uses an onboard cellular transmitter for central station monitoring. Subscribers receive text messages as well as other dispatch and notification services, standardly provided by central stations upon receipt of signals from the subscriber’s premises.

Subscribers do not sign annual or multiyear monitoring contracts, but instead are offered month-to-month monitoring at $14.99 per month.

SimpliSafe wants you to hide your base station with a lampshade.

In just a few years, the company has reportedly sold 200,000 systems … quite a success story. SimpliSafe’s website states that CEO and Chief Engineer Chad Laurans relied on his electrical engineering degree from Yale and an MBA from Harvard to design “an advanced home security system.”

The website goes on to state, “With so many people [meaning the alarm industry] making a profit, they need to use sneaky tactics to extract money from you. Their alarms use old wired technology and they’re hard to use (so you need to pay a service engineer for even the most straightforward task). SimpliSafe has sliced out shady annual contracts, intrusive installations and costly middlemen. We designed our system from scratch to give you everything you need in a security system plus some exciting bells and whistles.”

These audacious statements have drawn the ire of those within the security industry. And while that is enough for serious consternation, what is even more alarming, based on my findings, is that SimpliSafe has been concealing key information from the public with regard to its claims, assertions, systems and service.

Indeed, after inspecting the SimpliSafe equipment components, I identified what I believe are a profusion of irregularities.

The Complete System Is Not NRTL Listed

Let’s first look at the functional brains of the system: the base station.

While the wireless smoke detector and wireless carbon monoxide (CO) detectors are listed and labeled by Intertek, a Nationally Recognized Testing Laboratory (NRTL), and are in accordance with applicable statutory requirements of the National Electrical Code, NFPA 70 and UL standards, none of the other SimpliSafe devices are NRTL listed.

That includes, most importantly, the base station/control panel, which is required to be listed by an NRTL. The system manual references UL 985 and NFPA 72, but the fact that the base station is not listed is astonishingly absent from SimpliSafe’s website and marketing materials.

This means that only some of the system’s components are NRTL listed to UL Standards.

The purpose of independent third-party testing like this is to independently verify safety and reliability of the product to show that it meets universally adopted standards and codes.

Jeffrey Zwrin posed as an ordinary consumer to investigate SimpliSafe's products

Forensic alarm and security expert Jeff Zwirn puts a SimpliSafe system through its paces.

Such testing is required by NFPA 70 for the security and life-safety portions of the system when utilized, and is accepted as a nationally recognized industry standard and best practice.

The system’s base station is packaged together within an approximately 10.5-inch-high plastic lighted hub around the lower portion of its cone-type housing. Components in the system include:

  • Logic boards
  • A small siren
  • Cellular wireless radio transmitter
  • Wireless receiver
  • AC power input jack
  • Backup rechargeable batteries

Unlike an alarm control panel that is located in a basement or hidden in a closet, the sleek SimpliSafe base station is designed to be visible in the living area. Thus, it is more susceptible to physical destruction by an intruder, which would render the system nonfunctional and useless.

I was told by a SimpliSafe representative that the consumer, being me in this case, should consider placing a lampshade on top of it for a disguise.

At the same time, in response to questions I had for SimpliSafe, I received an email response and admissions stating in part that, while its base station is not UL Listed, it is tested (by the company itself) to meet UL standards. Importantly, there is no mention of the product meeting the compliance requirements, testing and successful listing mandates of UL 1023 and UL 985.

SimpliSafe does not use best practices

Therefore the information in the email is false. That is not the equivalent of the proper UL Listing. All of the system’s wireless keypads, sirens, key fobs, door and window transmitters, motion detectors and audio glass-break detectors are also not UL Listed or listed by any NRTL. There are also no tamper switches on any of the wireless transmitters.

So, if an intruder forcibly broke a glass window that only contained a contact, he could simply remove the cover of the transmitter to gain access to its internal battery. The SimpliSafe system would fail instantly.

This SimpliSafe design and equipment does not at all compare to what the professional alarm industry uses, is not “advanced,” and does not comport with nationally recognized industry standards and best practices.

 

Customer Service Reps Don’t Help

 

Continuing on with my investigative interview, I asked more questions of SimpliSafe’s support department representatives and the answers were remarkable.

 

The system manual curiously references UL 985, which is the UL standard for Household Fire Warning System Units. According to technical support representatives I spoke with, UL 985 means the transformer is to be secured to the wall with a bracket, which the company will send you for free if required.

 

Importantly, that is all the SimpliSafe tech support reps believe UL 985 requires to be provided, to the extent the local jurisdiction has the same requirement.

 

Not only was the information provided grossly inaccurate, but the plug-in portion of the system’s transformer that connects to the base station is not equipped to provide for restraining means, so it can easily be unplugged, accidentally or otherwise. Stated differently, the wireless smoke and CO detectors that SimpliSafe provides to consumers are listed, but the base station that receives the signal, activates an alarm and notifies the remote supervising station is not.

 

Therefore, SimpliSafe products are not in compliance with nationally recognized industry standards and best practices. They do not even meet Radio Shack control panel standards of the past as even this equipment was UL Listed.

 

Ineffective Sirens and Alarms

 

Moreover, I was advised by the SimpliSafe customer service rep that if a burglar alarm, panic alarm, smoke detector or CO detector activates, the system’s siren does not have the technical capability to distinctly sound such that the consumer could discriminate among the sources of impending danger.

 

This critical feature is required by NFPA 72 of The National Fire Alarm and Signaling Code. It was required in the National Fire Alarm Code as well, for fire alarm and CO detector equipment, through the use of Temporal 3 and Temporal 4 sounding.

 

SimpliSafe is extremely prone to hacking. It also doesn't help that the home station is in plain sight for intruders

 

Instead, the SimpliSafe consumer does not know what caused the alarm and must go to the keypad to retrieve that information, or await a text message, wasting critical time before knowing the nature of danger detected by the system. The latter assumes their cellphone is on and/or that it has functional wireless connectivity.

 

The wireless SimpliSafe siren is not properly supervised and not listed, plus the system’s base station and the central station do not receive any trouble signal if the unit fails. Only a local beep sounds during certain times when its batteries get low. This configuration alone does not meet the mandates and requirements set forth in NFPA 72 or applicable UL standards, and does not meet nationally recognized industry standards and best practices.

 

Also, the siren is not listed by an NRTL. Without proper supervision and reliable audibility, the occupants of the home will not be promptly alerted and warned of a life-safety emergency.

 

Additionally, consumers are not likely to recognize the importance of having sounders that are loud enough and in the right locations in order to alert and warn them of an emergency.

 

There is no warning in the SimpliSafe manual to instruct the end user about how important audibility is on all life-safety systems. It should also be noted that the base station has an onboard siren measuring approximately 2.25 inches in diameter integrated into its bottom.

 

SimpliSafe represents the siren produces 85dBs of sound. However, since the siren is facing downward, and is partially enclosed in the base station, I found it to be muffled during activations. The wireless, non-supervised siren is represented by SimpliSafe to be 105dB.

 

Simplisafe uses an outside monitoring agency, just like the alarm companies it bashes

 

Company personnel advised me it can be installed outdoors, even though it has no tamper switches and is not listed or recognized to be placed in an outside environment, or even designed to any standard to be exposed to the elements.

 

So if the SimpliSafe system activates due to detection of a life-safety emergency from a wireless smoke or CO detector in the basement of the home (with the base station of the system on the first floor), anyone sleeping on the second floor would have difficulty being alerted in accordance with NFPA 72 audibility requirements. They, in part, require the fire alarm sounder to be 15dBs over the ambient noise level at pillow.

 

The company rep I spoke with said NFPA 72 has nothing to say about sirens. Even though the system’s manual references NFPA 72, when I asked the tech support rep if he had a copy of it, I was told SimpliSafe is a paperless company and that I should Google it.

 

The System Relies on Pro Monitoring

 

The in-house rep also told me that SimpliSafe’s components are better because they are wireless. However, they do not have encrypted wireless technology available.

 

I was also told its wireless smoke and CO detectors cover 300 square feet. Typically, smoke detectors sold by the professional alarm industry protect an area of up to 900 square feet. And CO detectors, which are time-based to only detect high levels of CO starting at 70 ppm, take 60-240 minutes sustained at the detector before an alarm activation will occur under UL 2034.

 

The company rep reiterated the marketing claim that SimpliSafe is the better alternative to professional alarm systems since you cannot cut any wiring. But the cutting of any protective loop wiring on a normally closed burglary alarm circuit triggers the alarm system; it does not impair it.

 

The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.

The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.

 

The base station, which has a blue light on it, is recommended to be mounted near a window. So the unit would be vulnerable to an intruder to render it nonfunctional.

 

It should be noted that when the system goes into alarm its blue light turns off, supposedly making it difficult for an intruder to find it. But the sound of the system’s onboard siren still comes from its base station, which in my opinion makes it easily identifiable with or without the light.

 

Plus, all an intruder would need to do to know how the system works (and can be defeated) is to note SimpliSafe’s decals or yard signs, and then reference its website.

 

With regard to system monitoring, SimpliSafe uses a nationally known subcontract UL-Listed Five Diamond CSAA Central Monitoring Station whose primary target audience is professional alarm dealers. That’s interesting since SimpliSafe’s broad marketing brushstroke, with its powerful Internet and social media campaigns, is intent on damaging the reputation of professional alarm companies while the company uses the same type of monitoring services itself.

 

In the SimpliSafe manual, it states the system should be tested by a “qualified” technician every three years, which came from earlier editions of NFPA 72. However, the 2010 edition of NFPA, per Table 14.3.1, requires annual testing. I asked the rep who that would be, meaning who would the consumer call? Would I have to call an alarm company to perform this test?

 

SimpliSafe products are not in compliance with nationally recognized industry standards and best practices … they do not even meet Radio Shack control panel standards of the past.

 

I was advised by the rep that the local fire marshal would do this task. However, NFPA 72 defines what a qualified technician is and fire marshals generally do not have the core qualifications, let alone perform this service for consumers or have the time to do so.

 

On another call to SimpliSafe support, I was told a handyman or a “certified” handyman (certified in what, I thought) could perform the task. If unqualified persons test life-safety systems, as recommended by SimpliSafe, the results may be unreliable and potentially catastrophic to persons relying on these systems during an emergency.

 

Lastly, a rep stated the company could test the system over the phone with the customer, which again is not the intent of this NFPA 72 requirement.

 

SimpliSafe also states that its base station contains eight hours of standby time if the primary AC transformer power fails to the system. However, for systems equipped with life-safety detectors, NFPA 72 mandates and requires 24 hours of standby time when primary power fails to a control panel set, in addition to four minutes of alarm time.

 

How can any company refer its customers to NFPA 72 in its installation manual yet not be familiar with NFPA 72 or design its products to be in compliance with it?

 

Monitoring Is Nontransferable

 

Focusing on training, the rep told me they get their training directly from SimpliSafe in-house, and that the company’s president cares about his employees and customers. SimpliSafe touts you can sign up on a month-to-month contract and not be locked in to a long-term monitoring contract by the alarm industry. When I asked if I can cancel its monitoring and contract with another central station, I was given a flat-out no, and the news that I would be left with a local alarm system only.

 

Therefore, by design, SimpliSafe sells its monitored product and if you cancel, the system cannot be monitored by any other central station (ever).

 

SimpliSafe should disclose this to consumers, as it is clearly relevant. At least with so-called long-term monitoring contracts, most alarm companies will allow the customer to contract with another central station at the conclusion of the monitoring contract.

 

Coming full circle, in no way should SimpliSafe’s system be considered as providing advanced or comprehensive security. In my opinion, the company’s actions and inactions demonstrate a disregard for its consumers and their families, who rely on SimpliSafe for security and life safety.

 

SimpliSafe should take responsibility and address the aforementioned serious defects and irregularities, many of which the average consumer would not be aware of yet incur the potential negative outcomes as a consequence.

 

The business of security is a serious one, and no one should ever be sold a product that provides a false sense of security or does not fully comply with nationally recognized industry standards and best practices.

 

 

 

Posted in Main | Leave a comment

AlarmForce Admits to Wrongfully Charging Monitoring Fees After Subscription Cancellations

AlarmForce said its policy review resulted from due diligence undertaken during a potential sale process.

By Rodney Bosch · August 24, 2016

Retroactive to Aug. 1, 2013, residential customers who have been incorrectly charged monitoring fees subsequent to the cancellation date will receive a refund of those charges, plus interest, the company announced in a news release. AlarmForce said it is considering its cancellation and other practices relating to existing residential customer contracts in all jurisdictions.

The company said its review, in part, resulted from due diligence undertaken during a potential sale process. During the course of the review, the company’s cancellation practice was raised as an issue. With the assistance of outside advisors, AlarmForce determined that immediate action was required to change the practice to resolve the issue.

AlarmForce also announced that as a result of this change in practice, it is undertaking a detailed examination of its revenue recognition policies for the periods starting fiscal Q4 2013 for revenue generated from customer contracts after a customer had requested cancellation of services. Where legislation governing consumer agreements prohibit charges made after cancellation notices, the company’s preliminary conclusion is that the cancelled subscription revenue should not have been recognized.

AlarmForce said it may need to restate reported revenue for some or all such previously reported financial results in relation to charges previously recognized from cancelled customer agreements where the company’s practice did not comply with such legislation.

Due to the scope and work involved in this review, the company does not expect it will have completed the necessary work to assess any required restatement and for the reporting of its quarterly financial results by Sept. 14. The company said it will provide timely updates as to the expected date of reporting of its financial results.

AlarmForce said it has been reassessed by tax authorities for the State of Florida in relation to the company’s classification of installers as independent contractors. The Florida tax authorities have taken the position that the company’s contract installers should have been classified as employees.

The company is currently subject to two upcoming audits —  an IRS Employment Tax Examination for 2014, and an audit under the Employer Health Tax Act in Ontario, Canada, commencing in September. Consequently, the company is considering possible employee tax liabilities in connection with the classification of its independent contractors and is currently evaluating the impact of whether this possible liability affects Q3 2016 or prior periods.

The company said it is considering how it will address classification of installers. A decision to convert installation personnel into employees will increase operating costs.

 

Posted in Main | Leave a comment

Smart Electrical Socket Could Be Exploited to Hack Email

A vulnerability in a popular brand of smart electrical sockets has been found that could allow hackers to spread malicious software to connected devices.

Researchers have discovered that attackers could take advantage of a feature that allows the undisclosed smart electrical socket to send emails to the user every time it switches on and off.

By Rodney Bosch · August 19, 2016

BUCHAREST, Romania— A smart electrical socket that could allow a hacker to turn power outlets into botnets, read your email, and even set your house on fire if you connect an appliance that could overheat? Those nightmarish scenarios are all possible, according to security researchers.

Researchers at cybersecurity software firm Bitdefender, based here, have identified a vulnerability in an undisclosed popular brand of smart electrical socket they say could be hijacked by an attacker, reportsmotherboard.vice.com.

The vulnerable socket plugs into a regular one, and allows users to schedule the activity of any dumb electronic device, with the help of a smartphone. The app is available for both iOS and Android platforms, and there have been over 10,000 downloads from Google Play alone, according to the article. Bitdefender contacted the smart socket vendor, which has said they will release a fix during Q3 2016.

Among the most destructive actions someone could perform is to wipe the existing software on the socket and to replace it with malicious one, researchers said.

“Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet,” Alexandru Balan, chief security researcher at Bitdefender, told Motherboard. “This is a serious vulnerability, we could see botnets made up of these power outlets.”

Researchers who analyzed the power outlet have found several security issues, including a weak username and password combination that users are not alerted to change. Experts have also noticed that, during configuration, the app sends WiFi credentials in clear text over the network.

In addition, when the device communicates with the app, the information passes through the vendor’s servers unencrypted. It’s only encoded, a process that’s easily reverse engineered.

Researchers have also discovered that attackers could take advantage of a feature that allows the device to send emails to the user every time it switches on and off.

Bitdefender outlines two possible attacks, which the company tested in an environment similar to the common home. The article continues:

They say hackers can compromise the email account of the user, if two-factor authentication is disabled. Attackers have to know the MAC address of the device and the default password. With that, they can reschedule the smart socket, or access all the information the device come into contact with, including email credentials.

Another hack that can be performed requires a little bit of coding. When typing a password, the “;” symbol can be misinterpreted as the end of a command. Someone might use this to their advantage, and instead of typing a password, they might type instructions for the device to perform a malicious action. Usernames and passwords should be stripped of characters such as commas or semicolons, in order to prevent command injections.

“When an attacker exploits this flaw, the commands specified in the new password overwrite the root password and can open the embedded Telnet service. Using Telnet, an attacker, regardless of his location, can send commands to stop/start/schedule the device, as well as to execute rogue commands, including running malicious firmware to achieve persistence or using the device to perform attacks on other computers or devices inside the local network,” Bitdefender said in a paper.

The consequences for users can can extend to losing control of all their network-connected devices as they become weapons of attack in a cyber-criminal network, as well as to exposing their email accounts and their contents, security researcher George Cabau told Motherboard.

 

Posted in Main | Leave a comment