ADT Sued, Claimed 'Easily Hacked'

Author: Brian Rhodes, Published on Nov 17, 2014

A lawsuit has been filed against ADT.

The class action complaint claims ADT's wireless systems are 'easily hacked', that ADT knows this and yet engages in 'deceptive and misleading marketing statements.'

In this note, we examine the details and the technical claims.

The Lawsuit

The class action complaint filing claims "ADT’s deceptive and unlawful business acts and practices in connection with the sale of wireless home security equipment" and alleges "ADT’s failure to encrypt or otherwise secure its wireless signals" violates commercial trade practice acts in several states.

The lawsuit seeks "requiring ADT to change its marketing materials and to secure its customers’ wireless systems" plus various damages.

At this date, no claims of specific damages or loss due to the exploit are listed with the suit.

Claims

The lawsuit alleges that ADT's wireless security systems are susceptible to easy exploits that criminals can execute.

Vulnerable: The core weakness the suit claims is that ADT uses unencrypted wireless communication between sensors and the main panel, so that criminals can sniff out and 'jam' actual alarms from being triggered with inexpensive software defined radio gear easily purchased for <$15.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Alternatively, the suit claims hackers can trigger a flood of false alarms, potentially resulting in users refusing to arm it out of frustration. The other scenario paints a situation where local police fail to eagerly respond to a 'routine' call from a notoriously errant system, leaving the facility vulnerable to real heists 'or worse'.

The main external reference the complaint makes is a July 2014 Forbes article where a cybersecurity reseacher claims to have hacked ADT wireless systems:

"He was able to play around with an ADT system thanks to the graciousness of his girlfriend’s father, who had one at home. The different vendors’ products all had the same problem: legacy wireless communications from the 90s that failed to encrypt or authenticate signals. He could be pick up the signals being sent from sensors on windows and doors to the main control system using a cheap SDR, meaning he could see transmissions from sensors — which are sent even when the system is unarmed — and track when people were opening and closing windows and doors. With a more sophisticated SDR, he could interfere with transmissions, setting the alarm off falsely by telling it doors were opening when they weren’t or jamming the system so that it wouldn’t go off, even if doors did open. He could do this from 65 to 250 yards away– basically a house over."

Issues With the Claims

On the surface, the claim could bear out as a risk at least for some ADT systems.  However, one aspect of an 'ADT System' not addressed in the suit is there is no single or even typical alarm system. While unencrypted wireless could prove a vulnerability for some residential grade and older intrusion systems, ADT installs over 20 different systems. Several of those prominently feature 'spread spectrum' and 128 AES encrypted wireless technology that at least makes sniffing out and tampering with systems difficult. 

Interestingly, ADT's flagship Pulse offering is Z-Wave based, and makes no explicit claims about encrypting wireless intrusion sensors, but does claims that the wireless video surveillance element uses WPA2 encryption between the camera and hub, and then HTTPS between local hub and cloud servers.

Not Just ADT

While ADT is the target of the suit, it bears emphasizing the potential risk is not only an ADT problem. Indeed, other wireless alarm systems sold by incumbents like Vivint and Monitronics are likely equally vulnerable to the same basic exploit.

Improving Security

Hacking unsecured wireless is neither new nor exotic, and multiple defenses are available to mitigate risk.  Some basic steps include:

  • Go Wired: Wireless cannot be hacked if it is not used. More costly (labor intensive), wired intrusion systems are still available and the mainstay of 'high-security' alarm systems. Simply choosing wired systems eliminates the potential risk described in the lawsuit.
  • Use Spread Spectrum: When using wireless 'spread spectrum' or 'frequency hopping' connectivity between sensors and panels makes zeroing in or jamming  a particular link extremely difficult. The nature of spread spectrum means the connection frequency intermittently shifts between endpoints, and the phrase 'trying to hit a moving target' describes the difficulty. 

Who is the Plaintiff?

The plaintiff is Dale A. Baker and the law firm is Zimmerman Law Offices, who says their main part of their practice, with 18 years of experience, is class action lawsuits. According to the attorney, Baker has an ADT Pulse system installed at his home.

"His system was erroneously activated 2 times and police had to come to his house. He subsequently learned that their were wireless systems that were encrypted that would prevent would be burglars from interfering with the wireless systems. He felt he had an obligation to inform other people that they are not as safe in their homes as ADT may lead them to believe and also is seeking to have ADT modify this product to encrypt the wireless signals so they can not be intercepted."

Those looking to join the class action lawsuit may contact Zimmerman Law Offices.

1 report cite this report:

How to Hack an ADT Alarm System on Jan 26, 2015
This report explains the key steps in hacking an alarm system, like ADT, as was presented in a Defcon 22 presentation. The risk of such a hack has...
Comments (9) : PRO Members only. Login. or Join.

Related Reports

ADT Stock Drops After Announcing Loss And Amazon Delay on Mar 12, 2019
ADT's stock price dropped significantly after reporting heavy losses and delays in its Amazon partnership, as seen in the screenshot below: In...
US City Sued For Hiding Surveillance Camera Map on Mar 08, 2019
Should maps of public surveillance camera locations be kept a secret? That is what one US city is trying to do. Though the city admits the...
Church Technology Director Security Interview on Mar 07, 2019
With 40+ years of experience in IT from a wide array of verticals, including US and foreign military, and large corporate and industrial settings,...
Private School IT Manager Surveillance Interview on Feb 22, 2019
This IT manager describes himself as the "oft-maligned IT person" whose "opinions may not always be appreciated by the integrator crowd." But he is...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Ubiquiti Favorability Results 2019 on Feb 18, 2019
Ubiquiti has quietly grown into a $1+ billion annual revenue company, with offerings across wireless, wireline network and video surveillance (see...
ADT And 'The Defenders' Silent About Massive Complaints on Feb 14, 2019
ADT's largest dealer, "The Defenders" has been the subject of a massive number of complaints over many years and many forums, most recently a CBS...
Barnes Buchanan 2019: Despite 'Strange Narrative' Great Time To Be In Security on Feb 11, 2019
A "strange narrative" is being spun, said Michael Barnes at the 2019 Barnes Buchanan Conference. However, despite that narrative, it is a "great...
No Genetec Major Releases In Over A Year on Feb 06, 2019
Annual VMS licenses are a controversial practice in the video surveillance industry, with many questioning their need or value. However, enterprise...
Designing Access Control Guide on Jan 30, 2019
Designing an access control solution requires decisions on 8 fundamental questions. This in-depth guide helps you understand the options and...

Most Recent Industry Reports

ONVIF Favorability Results 2019 on Mar 15, 2019
In the past decade, ONVIF has grown from a reaction to the outside Cisco-lead PSIA challenge, to being the de facto video surveillance standard...
Hanwha Aerospace / Techwin Korean Tax Evasion Raid on Mar 15, 2019
A Hanwha group subsidiary was raided as part of a tax evasion probe. While a Korean news media report listed the raided entity as 'Hanwha...
Installation Course - Last Chance on Mar 14, 2019
Today is the last chance to register for the March Installation course. This is a unique installation course in a market where little practical...
City Physical Security Manager Interview on Mar 14, 2019
This physical security pro is the Physical Security Manager for the City of Calgary. He is a criminologist by training with an ASIS CPP credential....
US Drafting Separate Rule for NDAA Dahua/Hikvision 'Blacklist' on Mar 14, 2019
The most debated provision of the NDAA ban of Dahua, Hikvision, Huawei, et al. is the so-called 'blacklist' provision which would ban any company...
OpenALPR Acquired By Mysterious Novume on Mar 13, 2019
Startup OpenALPR has been acquired by Novume, a company virtually unknown in the industry. While there are many LPR providers (see our directory),...
Milestone Machine Learning Camera Auto-Setting Examined on Mar 13, 2019
Milestone wants to improve image quality using Machine Learning to solve the problem of "a camera doesn't know what it is being used for",...
Integrator Profitability Bonuses - Statistics on Mar 13, 2019
While winning projects typically gets the most attention, how profitable those jobs turn out to be is key to the long-term success of integrators....
ADT Stock Drops After Announcing Loss And Amazon Delay on Mar 12, 2019
ADT's stock price dropped significantly after reporting heavy losses and delays in its Amazon partnership, as seen in the screenshot below: In...
Pelco GFC 4K Dome Camera Tested (IMP831-1ERS) on Mar 12, 2019
Pelco has finally released their first 4K IP camera, after years of competitors' releases. Is this move too late? Or is their new GFC Professional...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact