ADT Sued, Claimed 'Easily Hacked'
A lawsuit has been filed against ADT.
The class action complaint claims ADT's wireless systems are 'easily hacked', that ADT knows this and yet engages in 'deceptive and misleading marketing statements.'
In this note, we examine the details and the technical claims.
The *******
*** ***** ****** ********* ****** ****** "***’* ********* *** **************** **** *** ********* ** ********** with *** **** ** ******** **** security *********" *** ******* "***’* ******* ** ******* *********** ****** *** ******** *******" ******** ********** ***** ******** **** in ******* ******.
*** ******* ***** "********* *** ** ****** *** ********* materials *** ** ****** *** *********’ wireless *******" **** ******* *******.
** **** ****, ** ****** ** specific ******* ** **** *** ** the ******* *** ****** **** *** suit.
******
*** ******* ******* **** ***'* ******** security ******* *** *********** ** **** exploits **** ********* *** *******.
**********: *** **** ******** *** **** claims ** **** *** **** *********** wireless ************* ******* ******* *** *** main *****, ** **** ********* *** sniff *** *** '***' ****** ****** from ***** ********* **** ******************* ******* ********* *************** ***
*************, *** **** ****** ******* *** trigger * ***** ** ***** ******, potentially ********* ** ***** ******** ** arm ** *** ** ***********. *** other ******** ****** * ********* ***** local ****** **** ** ******* ******* to * '*******' **** **** * notoriously ****** ******, ******* *** ******** vulnerable ** **** ****** '** *****'.
*** **** ******** ********* *** ********* makes ** ***** **** ****** ******* ***** * cybersecurity*************** ** **** ****** *********** *******:
"** *** **** ** **** ****** with ** *** ****** ****** ** the ************ ** *** **********’* ******, who *** *** ** ****. *** different *******’ ******** *** *** *** same *******: ****** ******** ************** **** the *** **** ****** ** ******* or ************ *******.** ***** ** **** ** *** signals ***** **** **** ******* ** windows *** ***** ** *** **** control ****** ***** * ***** ***, meaning ** ***** *** ************* **** sensors — ***** *** **** **** when *** ****** ** ******* — and ***** **** ****** **** ******* and ******* ******* *** *****.**** * **** ************* ***, ** could ********* **** *************, ******* *** alarm *** ******* ** ******* ** doors **** ******* **** **** *****’* or ******* *** ****** ** **** it ******’* ** ***, **** ** doors *** ****.** ***** ** **** **** ** to *** ***** ****– ********* * house ****."
Issues **** *** ******
** *** *******, *** ***** ***** bear *** ** * **** ** least *** **** *** *******. *******, one ****** ** ** '*** ******' not ********* ** *** **** ** there ** ** ****** ** **** typical ***** ******. ***** *********** ******** ***** prove * ************* *** **** *********** grade *** ***** ********* *******,*** ******** **** ** ********* *******. ******* ** ***** *********** *******'****** ********' *** *** *** ***************** ********** **** ** ***** ***** sniffing *** *** ********* **** ******* difficult.
*************,***'* ******** ************* ***-**** *****, *** ***** ** ******** ****** about ********** ******** ********* *******, *** does ****** **** *** ******** ***** surveillance ******* ******** ***************** *** ****** *** ***, *** then************ ***** *** *** ***** *******.
Not **** ***
***** *** ** *** ****** ** the ****, ** ***** *********** *** potential **** ** *** **** ** ADT *******. ******, ***** ******** ***** systems **** ** ********** **** ****** and *********** *** ****** ******* ********** to *** **** ***** *******.
Improving ********
******* ********* ******** ** ******* *** nor ******, *** ******** ******** *** available ** ******** ****. **** ***** steps *******:
- ** *****: ******** ****** ** ****** ** it ** *** ****. **** ****** (labor *********), ***** ********* ******* *** still ********* *** *** ******** ** 'high-security' ***** *******. ****** ******** ***** systems ********** *** ********* **** ********* in *** *******.
- *** ****** ********:**** ***** ******** '****** ********' ** '********* *******' ************ ******* sensors *** ****** ***** ******* ** or ******* * ********** **** ********* difficult. *** ****** ** ****** ******** means *** ********** ********* ************** ****** between *********, *** *** ****** '****** to *** * ****** ******' ********* the **********.
Who ** *** *********?
*** ********* ** **** *. ***** and *** *** **** *********** *** *******, *** **** ***** **** **** of ***** ********, **** ** ***** of **********, ** ***** ****** ********. ********* ** *** ********, ***** *** ** ADT ***** ****** ********* ** *** home.
"*** ****** *** *********** ********* * times *** ****** *** ** **** to *** *****. ** ************ ******* that ***** **** ******** ******* **** were ********* **** ***** ******* ***** be ******** **** *********** **** *** wireless *******.** **** ** *** ** ********** to ****** ***** ****** **** **** are *** ** **** ** ***** homes ** *** *** **** **** to ******* *** **** ** ******* to **** *** ****** **** ******* to ******* *** ******** ******* ** they *** *** ** ***********."
***** ******* ** **** *** ***** action ******* *** ******* ********* *** Offices.
Another ambulance chasing "expletive" which will drive up everyone's cost of doing business yet again. Exactly right, you get what you pay for and most customers want cheap. That's why there is a no down monthly model to start with. Any system can be hacked, if you have access and the right tools. Some are easier than others. It should be buyer beware, do your homework and you get what you pay for, although if the marketing / literature is intentionally false or very misleading someone should be accountable. These only end well for the attorneys anyway. Well, back to my good enough world where I only will pay for a product to work 90% of the time at 80% of its potential.
Class action suits can and in some cases have driven substantive change for the good. To be competitive the residential customer has to be offered a system that is false alarm free, dependable and simple at a low price. Wireless offers the reduction in installation labor and no one should expect the early generations of wireless intrusion components to equal current spread spectrum, encryption capable components. In this case however it's about revenue from settlements for the specialty law firms. I don't recall ever being misled by my local hardware store regarding risk and vulnerability but there's a warning label on my new axe, a design that hasn't changed in eons, not to cut my toes off.
I suppose next a written disclaimer that states taping a box over my passive infrared motion detector will affect coverage?
This suit in the media will teach intruders to look for those ADT signs at homes to try them. And this could be worse than the weakness of the system.
I think it is fair to inform ADT customers about it; to push ADT to give some "solution path" for legacy customers and another more immediate solution for new customers; and to warn future customers about it.
But current users need time to get their problem solved before informing everyone else, I think.
Maybe the first thing to do is remove the signs, until the problem is solved.
This lawsuit could have consequences beyond the immediate lawsuit plaintiffs. What is impactful to companies using misleading advertising is that they are exposed to large losses if the technology used was a factor in a loss. Companies whose contracts have limits and exclusions to liability run the risk of having the contract set aside and will lose the protection of these contract provisions.
This could also have a chilling effect on financial institutions who have provided extensive financing (especially to ADT) for the purchase of these "impaired contracts".
"the purchase of these 'impaired contracts'."
For significant damages (beyond the cost of the service), wouldn't the contract holders have to actually be harmed by someone exploiting this vulnerability?
For instance, in drug lawsuits, typically the person has actually been harmed by the drug (e.g., "I took drug X and now I have debilitating condition Y as a result"). Right now, even the cyber researcher and critics are not claiming anyone has exploited this potential vulnerability.
Btw, a US morning show posted this video last week:
At the end of the video, ADT gave a generic comment about being committed to security and improved technology, etc., etc.
Update: this has been settled for $16 million:
ADT recently announced a $16 million settlement of the lawsuits, translating into a nationwide class settlement, the payment of legal fees for class counsel and monetary awards for subscribers ranging from $15 to $45.