Hacked! Why Home Security Camera Installs Should Be Left to Pros

When selling video surveillance systems to would-be DIYs, remind customers about all the cybersecurity hacks out there, especially through IP cameras.

   Jump to Comments
Hacked! Why Home Security Camera Installs Should Be Left to ProsRemote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking.

Over the last year there have been several high-profile hacking events, including a distributed denial of service (DDoS) attack on Dyn, the Internet performance management company, which shut down major websites across the East Coast, and the much more recent Equifax breach.

Hackers are consistently working to take advantage of weaknesses, and security systems are a top target on their list. One of the more common devices in these systems is the IP camera  — it’s incredibly common, and many are inexpensive and poorly maintained.

Yet these products can be so simple and inexpensive for DIYs to install themselves, why would they need a pro for the job? Consider that getting the cameras and recorders up and running is the easy part. Maintaining these products and services over time is actually the hard part.

Manufacturers forget to mention this, even with a small asterisk, when they tell you, “It’s so easy your grandmother can do it.”

Remote networking, monitoring and management tools like SnapAV’s Luma + OvrC can help customers protect their surveillance systems from hacking. Recently, several surveillance manufacturers, including some really big ones, have announced known exploits on their systems that have comprised not only home security by the Internet in general. (See the running list at CVE, Common Vulnerabilities and Exposures.)

Breaches through cameras and other IoT devices remain a constant and ever-changing threat.  Professional installers should make sure the products are connected over a secure network, administered properly and updated constantly to ward off the latest Internet security threats.

In selling surveillance — even DIY products — remind clients that a security system is just like any piece of software that needs to be maintained and updated. New firmware is available on a regular basis to fix security threats, as well as address known issues and add new features (same is true for most connected devices).

Security systems should always be running on the latest available firmware, which requires them to be updated frequently. When given the option, do consumers press the “upgrade now” button or, like many of us, do they cancel and put it off to a later date?

As for home-technology pros, updates can consume quite a bit of time if done manually. To update the firmware of a handful of cameras and a recorder might take an hour. But multiply that across 25 sites and you are talking about significant time — and cost.

Thankfully, there are remote management systems that can ease this burden — simplifying the process and greatly reducing the time it takes to keep your customers’ security systems up to date. This includes instant notifications when new firmware is released, the ability to update remotely, and more.

Posted in Main | Leave a comment

Annual Revenue for Residential Monitored Security to Exceed $14B by 2020

New research by Parks Associates also shows that 20% of U.S. broadband households plan to purchase a network camera in the next 12 months.

   Jump to Comments
Annual Revenue for Residential Monitored Security to Exceed $14B by 2020 

DALLAS — New research by Parks Associates reveals that more than 26 million U.S. broadband households will have professionally monitored security by 2021, and that total annual revenue for professionally monitored security in U.S. households will exceed $14 billion by 2020.

“The residential security industry is changing along many dimensions,” says Tom Kerber, director of IoT Strategy, Parks Associates. “The addition of interactive services and home control products has expanded the market and changed the value chain and competitive landscape. Cable and telecom operators have entered the market with security services. New approaches to selling professional monitoring including self-installed solutions and on-demand monitoring services, and service providers are working to expand the market by connecting smart products to monitoring services.”

Another report titled, Smart Home Devices: User Experience, shows that security is the strongest driver for smart home adoption.

Among U.S. smart home device owners, 37% made the purchase to keep their home safe, while 29% wanted to monitor their home while away.

One-fifth of U.S. broadband households plan to purchase a smart all-in-one security product in the next 12 months, and another 20% plan to purchase a networked camera, according to the report.

“The residential security market has experienced continued growth, and the introduction of smart devices and services has opened new opportunities to bring more U.S. homes into the security market,” says Kerber. “Security providers must adapt to this trend and embrace the new IoT reality, which will expand the market for monitoring services and ultimately bring provider higher revenues.”

Posted in Main | Leave a comment

Robot Security Guard Drowns in Office Water Fountain

The Knightscope security robot has issued a statement after falling into a water fountain at an office and retail complex in Washington D.C.

Robot Security Guard Drowns in Office Water FountainPhoto Credit: Greg Pinelo‏

WASHINGTON, D.C. — A  K5 security robot by Knightscope was discovered face-down in the Washington Harbour office and retail complex water fountain yesterday afternoon.

The robot was on its daily rounds when it decided to roll down the stairs and into the fountain. It had only been patrolling for a few days according to a local office worker.

The robot, which is 5-feet tall and weighs 300 pounds, is designed to avoid confrontations. It uses sensors and analytics to detect unusual activity and report it back to humans to investigate.

Knightscope issued a statement saying the incident is under investigation, and described it as an “isolated incident.”

A new robot will be delivered to Washington Harbour this week for free.

Knightscope’s security robot made headlines this past April when a drunk man got into an altercation with one at the company’s HQ.

The man was charged with prowling and public intoxication, claiming to be an engineer who was “testing” the robot.

Of course a drowning robot has sent the internet into a frenzy. Fortunately, Knightscope has a good sense of humor about the situation, tweeting the following explanation from the security robot:knightscope security robot

Those who are worried about robots taking over the world should rest easy tonight — they can’t even swim yet.

Posted in Main | Leave a comment

7 Benefits of Having an Integrated Security System

From boosting productivity, to conflict resolution, integrating a security system can benefit businesses in many way

By Ahmad Hamidi · June 5, 2017

Business security is a complex issue that we tend to ignore until it’s too late. In today’s environment, putting up surveillance cameras or contracting a guard service provider is simply not enough from a security liability perspective.

Optimal security solutions can only be achieved by integrating security systems that fit each business’s unique requirements.

What is an Integrated Security System?

An integrated security system takes multi-layered security systems and integrates them into one solution. For example, a business can have the following security systems:

  • Video Surveillance
  • Access Control
  • Intrusion Alarm
  • P.A System
  • Uniformed Guard Service

Here is how an integrated security system can benefit your business.

1. Efficiency


Running a business comes with an abundant amount of high-order tasks, one of them being the company’s security. An integrated security system in any industry will allow businesses to flourish more effectively and efficiently.

Assigning a specific role for a specific person in regards to the different sectors of the integrated security system will allow the team member to utilize their skills, specifically in that area, ultimately ensuring the management team that the tasks assigned to that specific person will make a grand shift in the company’s efficiency.

2. Centralization


An integrated security system will allow a businesses security operations to become centralized. Management teams and business owners can now get a full report from one area rather then needing to speak to all areas of their integrated security system.

This not only is a time saver, but also allows a more organized work flow for businesses.

3. Theft Prevention


No matter what kind of industry one works in, they always have to be prepared for the unexpected theft. Whether internal theft or external theft, it can be overwhelming.

According to the Kroll Annual Global Theft Report, theft remains predominantly an inside job. The 2016 figures show that 60% of frauds are committed by insiders, up from 55% the year before. Ways to prevent moments like these is to integrate a specifically catered security system for your business.

4. Real Time Monitoring


With multiple security systems, business management teams are able to see what is going on within their facilities and areas of work instantly, if needed. However business owners and management teams don’t always spend all their time on the properties and can’t always ensure themselves that everything is running smoothly.

However, with real time monitoring, that task has turned into a simple system, accessible with a click of a button on your phone, tablet or computer.

5. Conflict Resolution


Some integrated security systems come with a package of video surveillance, access control, intrusion alarms, PA systems and uniformed guard services.

All of these elements will come forth if a problem were to arise in a work place, whether it be an internal/external burglary, attempted break-ins or just about any security threat that can occur at a business.

6. Boost Productivity


At any business, an integrated security system is a guarantee to boosting productivity in the workspace. According to Kristin Morgan at St. Francis University, “Employee monitoring is being used to increase customer satisfaction, improve employee performance and enhance productivity,”.

This allows business owners to monitor their employee activities as it is one of the most essential points in protecting their businesses from unwanted actions at the workplace.

7. Business Savings


In the long run, having an integrated security system will allow your business to save money and be protected. Otherwise, in the case of a theft, burglary or robbery, the business owners/management team would be held liable for all the losses with nowhere to turn to.

With an integrated security system, businesses have multiple outlets to look into and see what occurred, why it occurred or the possibility of those events not even taking place at all.

So organizations need to be proactive for their business security as failing to integrate the latest security system in your business can lead to an increased risk of a major security breach.

Posted in Main | Leave a comment

Alarm.com to Develop Drone Applications for Smart Home and Business Security

Alarmcom_drone_hovering_Alarmcom-Lab.jpgAt CES 2017, Alarm.com announced plans to develop autonomous, video-enabled drone applications to extend the capabilities of smart home and business security systems. Alarm.com’s multi-sensor awareness and property intelligence, together with the Qualcomm Snapdragon Flight drone platform, will deploy drones to investigate unexpected activity. The drones will be designed to autonomously navigate through the property and provide a high-resolution video feed to the property owner.

Alarm.com’s Insights Engine applies machine-learning algorithms to the growing data set generated by devices and sensors in a connected property. By recognizing complex activity patterns and detecting anomalies, Alarm.com can proactively respond to events on behalf of the user, the company reported. Alarm.com intends to leverage these insights to intelligently deploy video-enabled drones to the location where unexpected activity was detected or when an alarm was triggered. Strict, opt-in privacy controls will enable the property owner to easily share the video feed with a central monitoring station and emergency responders.

“This is a very interesting application for drones, which at their core are essentially flying cameras, and by using other advanced capabilities of our Snapdragon processors, Alarm.com is designing a whole new way to provide security to properties,” said Hugo Swart, senior director, product management, Qualcomm Technologies Inc. “The Qualcomm Snapdragon Flight platform pushes the boundaries of the drone industry and has led to many new form factors and use cases, and Alarm.com, with its security expertise, is taking commercial and residential security systems to the next level by integrating intelligent and cutting edge drones to its solutions.”

Daniel Kerzner, Alarm.com’s chief product officer, said, “Alarm.com has been a pioneer in the smart home and business security space. By analyzing data across the devices on our platform, we have created unique capabilities that make properties safer, smarter and more efficient. We’re excited to use Qualcomm Snapdragon Flight to develop similar applications for drones. Our intelligent drone deployment system will be designed to provide targeted video in response to specific events around a property, augmenting fixed location cameras and enhancing the active security perimeter for homes and businesses.”

Posted in Main | Leave a comment

SimpliSafe DIY Security System Investigation Yields Disturbing Results

DIY home security systems provider SimpliSafe has quickly amassed a large customer base. However, an independent forensic analysis shoots holes in the company’s model, claims and technology.

SimpliSafe — a DIY wireless alarm system that is shipped directly to consumers — ranges in price from $230-$540 depending on the package and equipment.

By Jeff Zwirn · November 1, 2016


Posing as an ordinary consumer, I recently purchased a SimpliSafe package in order to forensically investigate if claims about its products, compared to professional alarm contractors and the products that the alarm industry offers to the public, are accurate.

I also wanted to technically quantify if the representations of SimpliSafe offering an “advanced home security system” were factual.

To that end, I started by reading the SimpliSafe end-user and/or instruction manual. I then set up the system and proceeded to contact the Boston-headquartered company’s technical support department several times to ask about its products and services.

These questions were related to issues either not clarified and/or not disclosed through its website or in the system installation instructions.

What Exactly Is SimpliSafe?

SimpliSafe is a $229.96 and up to $539.95 and more (depending on the package and equipment) DIY wireless alarm system that is shipped to consumers directly.

The system consists of:

  • A base station
  • Keypad
  • Door contacts
  • Motion sensors
  • Glassbreak sensors
  • CO detectors
  • Smoke detectors
  • Water sensors
  • Freeze sensors
  • Wireless siren (in addition to the base station’s built-in siren)
  • Wireless panic button and/or keychain remote

The remote contains the SimpliSafe Easy Setup Wizard, a software program that provides animated instructions and allows system customization. The system uses an onboard cellular transmitter for central station monitoring. Subscribers receive text messages as well as other dispatch and notification services, standardly provided by central stations upon receipt of signals from the subscriber’s premises.

Subscribers do not sign annual or multiyear monitoring contracts, but instead are offered month-to-month monitoring at $14.99 per month.

SimpliSafe wants you to hide your base station with a lampshade.

In just a few years, the company has reportedly sold 200,000 systems … quite a success story. SimpliSafe’s website states that CEO and Chief Engineer Chad Laurans relied on his electrical engineering degree from Yale and an MBA from Harvard to design “an advanced home security system.”

The website goes on to state, “With so many people [meaning the alarm industry] making a profit, they need to use sneaky tactics to extract money from you. Their alarms use old wired technology and they’re hard to use (so you need to pay a service engineer for even the most straightforward task). SimpliSafe has sliced out shady annual contracts, intrusive installations and costly middlemen. We designed our system from scratch to give you everything you need in a security system plus some exciting bells and whistles.”

These audacious statements have drawn the ire of those within the security industry. And while that is enough for serious consternation, what is even more alarming, based on my findings, is that SimpliSafe has been concealing key information from the public with regard to its claims, assertions, systems and service.

Indeed, after inspecting the SimpliSafe equipment components, I identified what I believe are a profusion of irregularities.

The Complete System Is Not NRTL Listed

Let’s first look at the functional brains of the system: the base station.

While the wireless smoke detector and wireless carbon monoxide (CO) detectors are listed and labeled by Intertek, a Nationally Recognized Testing Laboratory (NRTL), and are in accordance with applicable statutory requirements of the National Electrical Code, NFPA 70 and UL standards, none of the other SimpliSafe devices are NRTL listed.

That includes, most importantly, the base station/control panel, which is required to be listed by an NRTL. The system manual references UL 985 and NFPA 72, but the fact that the base station is not listed is astonishingly absent from SimpliSafe’s website and marketing materials.

This means that only some of the system’s components are NRTL listed to UL Standards.

The purpose of independent third-party testing like this is to independently verify safety and reliability of the product to show that it meets universally adopted standards and codes.

Jeffrey Zwrin posed as an ordinary consumer to investigate SimpliSafe's products

Forensic alarm and security expert Jeff Zwirn puts a SimpliSafe system through its paces.

Such testing is required by NFPA 70 for the security and life-safety portions of the system when utilized, and is accepted as a nationally recognized industry standard and best practice.

The system’s base station is packaged together within an approximately 10.5-inch-high plastic lighted hub around the lower portion of its cone-type housing. Components in the system include:

  • Logic boards
  • A small siren
  • Cellular wireless radio transmitter
  • Wireless receiver
  • AC power input jack
  • Backup rechargeable batteries

Unlike an alarm control panel that is located in a basement or hidden in a closet, the sleek SimpliSafe base station is designed to be visible in the living area. Thus, it is more susceptible to physical destruction by an intruder, which would render the system nonfunctional and useless.

I was told by a SimpliSafe representative that the consumer, being me in this case, should consider placing a lampshade on top of it for a disguise.

At the same time, in response to questions I had for SimpliSafe, I received an email response and admissions stating in part that, while its base station is not UL Listed, it is tested (by the company itself) to meet UL standards. Importantly, there is no mention of the product meeting the compliance requirements, testing and successful listing mandates of UL 1023 and UL 985.

SimpliSafe does not use best practices

Therefore the information in the email is false. That is not the equivalent of the proper UL Listing. All of the system’s wireless keypads, sirens, key fobs, door and window transmitters, motion detectors and audio glass-break detectors are also not UL Listed or listed by any NRTL. There are also no tamper switches on any of the wireless transmitters.

So, if an intruder forcibly broke a glass window that only contained a contact, he could simply remove the cover of the transmitter to gain access to its internal battery. The SimpliSafe system would fail instantly.

This SimpliSafe design and equipment does not at all compare to what the professional alarm industry uses, is not “advanced,” and does not comport with nationally recognized industry standards and best practices.


Customer Service Reps Don’t Help


Continuing on with my investigative interview, I asked more questions of SimpliSafe’s support department representatives and the answers were remarkable.


The system manual curiously references UL 985, which is the UL standard for Household Fire Warning System Units. According to technical support representatives I spoke with, UL 985 means the transformer is to be secured to the wall with a bracket, which the company will send you for free if required.


Importantly, that is all the SimpliSafe tech support reps believe UL 985 requires to be provided, to the extent the local jurisdiction has the same requirement.


Not only was the information provided grossly inaccurate, but the plug-in portion of the system’s transformer that connects to the base station is not equipped to provide for restraining means, so it can easily be unplugged, accidentally or otherwise. Stated differently, the wireless smoke and CO detectors that SimpliSafe provides to consumers are listed, but the base station that receives the signal, activates an alarm and notifies the remote supervising station is not.


Therefore, SimpliSafe products are not in compliance with nationally recognized industry standards and best practices. They do not even meet Radio Shack control panel standards of the past as even this equipment was UL Listed.


Ineffective Sirens and Alarms


Moreover, I was advised by the SimpliSafe customer service rep that if a burglar alarm, panic alarm, smoke detector or CO detector activates, the system’s siren does not have the technical capability to distinctly sound such that the consumer could discriminate among the sources of impending danger.


This critical feature is required by NFPA 72 of The National Fire Alarm and Signaling Code. It was required in the National Fire Alarm Code as well, for fire alarm and CO detector equipment, through the use of Temporal 3 and Temporal 4 sounding.


SimpliSafe is extremely prone to hacking. It also doesn't help that the home station is in plain sight for intruders


Instead, the SimpliSafe consumer does not know what caused the alarm and must go to the keypad to retrieve that information, or await a text message, wasting critical time before knowing the nature of danger detected by the system. The latter assumes their cellphone is on and/or that it has functional wireless connectivity.


The wireless SimpliSafe siren is not properly supervised and not listed, plus the system’s base station and the central station do not receive any trouble signal if the unit fails. Only a local beep sounds during certain times when its batteries get low. This configuration alone does not meet the mandates and requirements set forth in NFPA 72 or applicable UL standards, and does not meet nationally recognized industry standards and best practices.


Also, the siren is not listed by an NRTL. Without proper supervision and reliable audibility, the occupants of the home will not be promptly alerted and warned of a life-safety emergency.


Additionally, consumers are not likely to recognize the importance of having sounders that are loud enough and in the right locations in order to alert and warn them of an emergency.


There is no warning in the SimpliSafe manual to instruct the end user about how important audibility is on all life-safety systems. It should also be noted that the base station has an onboard siren measuring approximately 2.25 inches in diameter integrated into its bottom.


SimpliSafe represents the siren produces 85dBs of sound. However, since the siren is facing downward, and is partially enclosed in the base station, I found it to be muffled during activations. The wireless, non-supervised siren is represented by SimpliSafe to be 105dB.


Simplisafe uses an outside monitoring agency, just like the alarm companies it bashes


Company personnel advised me it can be installed outdoors, even though it has no tamper switches and is not listed or recognized to be placed in an outside environment, or even designed to any standard to be exposed to the elements.


So if the SimpliSafe system activates due to detection of a life-safety emergency from a wireless smoke or CO detector in the basement of the home (with the base station of the system on the first floor), anyone sleeping on the second floor would have difficulty being alerted in accordance with NFPA 72 audibility requirements. They, in part, require the fire alarm sounder to be 15dBs over the ambient noise level at pillow.


The company rep I spoke with said NFPA 72 has nothing to say about sirens. Even though the system’s manual references NFPA 72, when I asked the tech support rep if he had a copy of it, I was told SimpliSafe is a paperless company and that I should Google it.


The System Relies on Pro Monitoring


The in-house rep also told me that SimpliSafe’s components are better because they are wireless. However, they do not have encrypted wireless technology available.


I was also told its wireless smoke and CO detectors cover 300 square feet. Typically, smoke detectors sold by the professional alarm industry protect an area of up to 900 square feet. And CO detectors, which are time-based to only detect high levels of CO starting at 70 ppm, take 60-240 minutes sustained at the detector before an alarm activation will occur under UL 2034.


The company rep reiterated the marketing claim that SimpliSafe is the better alternative to professional alarm systems since you cannot cut any wiring. But the cutting of any protective loop wiring on a normally closed burglary alarm circuit triggers the alarm system; it does not impair it.


The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.

The SimpliSafe base station has a blue light on it, making it easy to spot for intruders.


The base station, which has a blue light on it, is recommended to be mounted near a window. So the unit would be vulnerable to an intruder to render it nonfunctional.


It should be noted that when the system goes into alarm its blue light turns off, supposedly making it difficult for an intruder to find it. But the sound of the system’s onboard siren still comes from its base station, which in my opinion makes it easily identifiable with or without the light.


Plus, all an intruder would need to do to know how the system works (and can be defeated) is to note SimpliSafe’s decals or yard signs, and then reference its website.


With regard to system monitoring, SimpliSafe uses a nationally known subcontract UL-Listed Five Diamond CSAA Central Monitoring Station whose primary target audience is professional alarm dealers. That’s interesting since SimpliSafe’s broad marketing brushstroke, with its powerful Internet and social media campaigns, is intent on damaging the reputation of professional alarm companies while the company uses the same type of monitoring services itself.


In the SimpliSafe manual, it states the system should be tested by a “qualified” technician every three years, which came from earlier editions of NFPA 72. However, the 2010 edition of NFPA, per Table 14.3.1, requires annual testing. I asked the rep who that would be, meaning who would the consumer call? Would I have to call an alarm company to perform this test?


SimpliSafe products are not in compliance with nationally recognized industry standards and best practices … they do not even meet Radio Shack control panel standards of the past.


I was advised by the rep that the local fire marshal would do this task. However, NFPA 72 defines what a qualified technician is and fire marshals generally do not have the core qualifications, let alone perform this service for consumers or have the time to do so.


On another call to SimpliSafe support, I was told a handyman or a “certified” handyman (certified in what, I thought) could perform the task. If unqualified persons test life-safety systems, as recommended by SimpliSafe, the results may be unreliable and potentially catastrophic to persons relying on these systems during an emergency.


Lastly, a rep stated the company could test the system over the phone with the customer, which again is not the intent of this NFPA 72 requirement.


SimpliSafe also states that its base station contains eight hours of standby time if the primary AC transformer power fails to the system. However, for systems equipped with life-safety detectors, NFPA 72 mandates and requires 24 hours of standby time when primary power fails to a control panel set, in addition to four minutes of alarm time.


How can any company refer its customers to NFPA 72 in its installation manual yet not be familiar with NFPA 72 or design its products to be in compliance with it?


Monitoring Is Nontransferable


Focusing on training, the rep told me they get their training directly from SimpliSafe in-house, and that the company’s president cares about his employees and customers. SimpliSafe touts you can sign up on a month-to-month contract and not be locked in to a long-term monitoring contract by the alarm industry. When I asked if I can cancel its monitoring and contract with another central station, I was given a flat-out no, and the news that I would be left with a local alarm system only.


Therefore, by design, SimpliSafe sells its monitored product and if you cancel, the system cannot be monitored by any other central station (ever).


SimpliSafe should disclose this to consumers, as it is clearly relevant. At least with so-called long-term monitoring contracts, most alarm companies will allow the customer to contract with another central station at the conclusion of the monitoring contract.


Coming full circle, in no way should SimpliSafe’s system be considered as providing advanced or comprehensive security. In my opinion, the company’s actions and inactions demonstrate a disregard for its consumers and their families, who rely on SimpliSafe for security and life safety.


SimpliSafe should take responsibility and address the aforementioned serious defects and irregularities, many of which the average consumer would not be aware of yet incur the potential negative outcomes as a consequence.


The business of security is a serious one, and no one should ever be sold a product that provides a false sense of security or does not fully comply with nationally recognized industry standards and best practices.




Posted in Main | Leave a comment

AlarmForce Admits to Wrongfully Charging Monitoring Fees After Subscription Cancellations

AlarmForce said its policy review resulted from due diligence undertaken during a potential sale process.

By Rodney Bosch · August 24, 2016

Retroactive to Aug. 1, 2013, residential customers who have been incorrectly charged monitoring fees subsequent to the cancellation date will receive a refund of those charges, plus interest, the company announced in a news release. AlarmForce said it is considering its cancellation and other practices relating to existing residential customer contracts in all jurisdictions.

The company said its review, in part, resulted from due diligence undertaken during a potential sale process. During the course of the review, the company’s cancellation practice was raised as an issue. With the assistance of outside advisors, AlarmForce determined that immediate action was required to change the practice to resolve the issue.

AlarmForce also announced that as a result of this change in practice, it is undertaking a detailed examination of its revenue recognition policies for the periods starting fiscal Q4 2013 for revenue generated from customer contracts after a customer had requested cancellation of services. Where legislation governing consumer agreements prohibit charges made after cancellation notices, the company’s preliminary conclusion is that the cancelled subscription revenue should not have been recognized.

AlarmForce said it may need to restate reported revenue for some or all such previously reported financial results in relation to charges previously recognized from cancelled customer agreements where the company’s practice did not comply with such legislation.

Due to the scope and work involved in this review, the company does not expect it will have completed the necessary work to assess any required restatement and for the reporting of its quarterly financial results by Sept. 14. The company said it will provide timely updates as to the expected date of reporting of its financial results.

AlarmForce said it has been reassessed by tax authorities for the State of Florida in relation to the company’s classification of installers as independent contractors. The Florida tax authorities have taken the position that the company’s contract installers should have been classified as employees.

The company is currently subject to two upcoming audits —  an IRS Employment Tax Examination for 2014, and an audit under the Employer Health Tax Act in Ontario, Canada, commencing in September. Consequently, the company is considering possible employee tax liabilities in connection with the classification of its independent contractors and is currently evaluating the impact of whether this possible liability affects Q3 2016 or prior periods.

The company said it is considering how it will address classification of installers. A decision to convert installation personnel into employees will increase operating costs.


Posted in Main | Leave a comment

Smart Electrical Socket Could Be Exploited to Hack Email

A vulnerability in a popular brand of smart electrical sockets has been found that could allow hackers to spread malicious software to connected devices.

Researchers have discovered that attackers could take advantage of a feature that allows the undisclosed smart electrical socket to send emails to the user every time it switches on and off.

By Rodney Bosch · August 19, 2016

BUCHAREST, Romania— A smart electrical socket that could allow a hacker to turn power outlets into botnets, read your email, and even set your house on fire if you connect an appliance that could overheat? Those nightmarish scenarios are all possible, according to security researchers.

Researchers at cybersecurity software firm Bitdefender, based here, have identified a vulnerability in an undisclosed popular brand of smart electrical socket they say could be hijacked by an attacker, reportsmotherboard.vice.com.

The vulnerable socket plugs into a regular one, and allows users to schedule the activity of any dumb electronic device, with the help of a smartphone. The app is available for both iOS and Android platforms, and there have been over 10,000 downloads from Google Play alone, according to the article. Bitdefender contacted the smart socket vendor, which has said they will release a fix during Q3 2016.

Among the most destructive actions someone could perform is to wipe the existing software on the socket and to replace it with malicious one, researchers said.

“Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet,” Alexandru Balan, chief security researcher at Bitdefender, told Motherboard. “This is a serious vulnerability, we could see botnets made up of these power outlets.”

Researchers who analyzed the power outlet have found several security issues, including a weak username and password combination that users are not alerted to change. Experts have also noticed that, during configuration, the app sends WiFi credentials in clear text over the network.

In addition, when the device communicates with the app, the information passes through the vendor’s servers unencrypted. It’s only encoded, a process that’s easily reverse engineered.

Researchers have also discovered that attackers could take advantage of a feature that allows the device to send emails to the user every time it switches on and off.

Bitdefender outlines two possible attacks, which the company tested in an environment similar to the common home. The article continues:

They say hackers can compromise the email account of the user, if two-factor authentication is disabled. Attackers have to know the MAC address of the device and the default password. With that, they can reschedule the smart socket, or access all the information the device come into contact with, including email credentials.

Another hack that can be performed requires a little bit of coding. When typing a password, the “;” symbol can be misinterpreted as the end of a command. Someone might use this to their advantage, and instead of typing a password, they might type instructions for the device to perform a malicious action. Usernames and passwords should be stripped of characters such as commas or semicolons, in order to prevent command injections.

“When an attacker exploits this flaw, the commands specified in the new password overwrite the root password and can open the embedded Telnet service. Using Telnet, an attacker, regardless of his location, can send commands to stop/start/schedule the device, as well as to execute rogue commands, including running malicious firmware to achieve persistence or using the device to perform attacks on other computers or devices inside the local network,” Bitdefender said in a paper.

The consequences for users can can extend to losing control of all their network-connected devices as they become weapons of attack in a cyber-criminal network, as well as to exposing their email accounts and their contents, security researcher George Cabau told Motherboard.


Posted in Main | Leave a comment

DIY Systems Provider Goes Too Far in Ad Attacking Electronic Security Industry

Boston-based SimpliSafe attacked the home security industry, painting alarm companies as enemies looking to take advantage of customers.

SimpliSafe is a hybrid residential and small business security systems provider that sells DIY kits.

By Scott Goldfine · August 4, 2016


I’m mad as hell and I’m not going to take it anymore!

That’s how I feel after coming across an inflammatory ad seeking to discredit the entire security alarm industry.

The offending company first drew my attention last year with testimonial-oriented TV ads highlighting its offering was different from traditional alarm systems. The ante (and my pulse) was raised when I began to hear radio and podcast ads more openly critical of the “traditional” alarm industry.

However, the recent print magazine campaign I encountered is, in my opinion, an all-out declaration of war on our industry and as such has my blood boiling.

The egregious and antagonistic act was inflicted by SimpliSafe, a Boston-headquartered hybrid residential and small business security systems provider that sells prepackaged self-installed (DIY) kits online, with alarm monitoring principally handled by Roselle, N.J.-based AMCEST’s wholesale central station ($14.99/month to customers).

Having grown to more than 250 employees and a claimed 500,000+ customers, SimpliSafe’s aggressive marketing has been fueled by funding from investors such as Sequoia Capital’s $57 million infusion in 2014. Founded by Ivy League graduate and current CEO Chad Laurans, the company presently offers some 10 wireless home and light commercial packages priced from the $229.96 “Starter” set to the $539.85 “Ultimate” option.

RelatedSimpliSafe DIY Home Security System ‘Inherently Insecure’ and Prone to Hacking, Report Finds


The giant incendiary headline reads: “There is something TERRIBLY WRONG with the Home Security Industry.”

The body copy includes these assertions: “Most alarm companies take advantage of people who want to feel safe. They offer you a ‘free’ outdated alarm, but then require you to sign a long-term contract full of nasty fine print. It’s pretty sickening really. Our founder, a Harvard engineer, studied the alarm industry and found all kinds of problems with it.”

During my nearly two decades in this business, I have seen many newcomers to the electronic security field deploying all kinds of strategies and making lots of claims. But never have I witnessed — particularly on such a large, nationwide scale — the brazen bashing and venom spewing now being aimed at our great, proud and proven industry by this bile-pedaling excuse for a security company.

It’s more than hitting below the belt; it is an affront to everything for which we stand. Further, it undermines the well-deserved and hard-earned faith and trust we have instilled among the public.

It’s bad enough our industry has had to contend with losing customers to deceptive sales practices and get bombarded with rampant news reports of consumers being victimized by alarm company scams. We all know, and to their credit some of our trade associations’ high-profile companies have stepped forward to publicize the fact that those cases are a few bad apples and low-end bottom feeders that are not truly representative of the industry overall (media sensationalism also plays a role).

It’s more than hitting below the belt; it is an affront to everything for which we stand. Further, it undermines the well-deserved and hard-earned faith and trust we have instilled among the public.

The closest parallel I can draw to SimpliSafe’s negative campaign is the alarm industry’s conflict with law enforcement regarding false alarms, and the few highly vocal detractors who pushed for nonresponse and excessive penalties. Thanks to better equipment and practices, along with vigilance from organizations like the Security Industry Alarm Coalition (SIAC), false alarms have been reduced and relationships with first responders much improved. However, we had all better brace for a false alarms surge in the near future due to self-installed devices such as those sold by SimpliSafe.

No matter what anyone alleges, there is no substitute for a custom-tailored, professionally installed security system.

That issue is among several — not the least of which are misleading declarations and reports of system hacking vulnerabilities (sources tell me there have also been licensing snafus) — that tell me SimpliSafe ought not be throwing stones from its glass house. An outfit like that can’t touch the high skill and expertise, superior equipment, wider choice of products and services, and premium customer service, full-service operators in our business deliver on a daily basis.

DIY has its place in the market but there is no room for desperate, baseless ploys that soil the good name of our industry and its thousands of upstanding professionals.

However, just doing a good job is not enough. From grassroots to mass media, security firms and groups must actively promote the industry’s virtues and help ensure the public is exposed to balanced and truthful information.

Posted in Main | Leave a comment

Smart Home Market to Exceed $60B by 2021, Forecast Suggests

North America dominated the market in 2015. More awareness of energy savings as a result of smart home technology is one of the factors for the anticipated growth.

By SSI Staff · June 29, 2016

The global smart home market is expected to surpass $60 billion by 2021, according to a forecast by Research and Markets.

Increasing awareness of energy saving among customers, surging demand for real-time home security and growing technological advancements are anticipated to boost the global smart home market during the forecast period. In addition, backed by the expanding Internet of Things (IoT) market, booming M2M communication market and thriving touch-free intuitive gesture control market, the market is expected to register a healthy growth rate over the next five years.

North America dominated the smart home market in 2015, followed by Europe, Asia-Pacific, Middle East & Africa, and South America

“A smart home refers to a residence equipped with computing and information technology devices, which anticipates and responds to the needs of the owner in an efficient and effective manner. In a smart home, the owner can easily monitor and control a wide range of applications such as lighting control, access control, fire detection, leak detection, energy efficiency, etc. from anywhere via his/her smartphones or internet. Smart homes also use key cards or fingerprint identification in place of conventional locks, making it harder for someone to break-in.”


Posted in Main | Leave a comment