ADT Sued, Claimed 'Easily Hacked'

Author: Brian Rhodes, Published on Nov 17, 2014

A lawsuit has been filed against ADT.

The class action complaint claims ADT's wireless systems are 'easily hacked', that ADT knows this and yet engages in 'deceptive and misleading marketing statements.'

In this note, we examine the details and the technical claims.

The Lawsuit

The class action complaint filing claims "ADT’s deceptive and unlawful business acts and practices in connection with the sale of wireless home security equipment" and alleges "ADT’s failure to encrypt or otherwise secure its wireless signals" violates commercial trade practice acts in several states.

The lawsuit seeks "requiring ADT to change its marketing materials and to secure its customers’ wireless systems" plus various damages.

At this date, no claims of specific damages or loss due to the exploit are listed with the suit.


The lawsuit alleges that ADT's wireless security systems are susceptible to easy exploits that criminals can execute.

Vulnerable: The core weakness the suit claims is that ADT uses unencrypted wireless communication between sensors and the main panel, so that criminals can sniff out and 'jam' actual alarms from being triggered with inexpensive software defined radio gear easily purchased for <$15.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Alternatively, the suit claims hackers can trigger a flood of false alarms, potentially resulting in users refusing to arm it out of frustration. The other scenario paints a situation where local police fail to eagerly respond to a 'routine' call from a notoriously errant system, leaving the facility vulnerable to real heists 'or worse'.

The main external reference the complaint makes is a July 2014 Forbes article where a cybersecurity reseacher claims to have hacked ADT wireless systems:

"He was able to play around with an ADT system thanks to the graciousness of his girlfriend’s father, who had one at home. The different vendors’ products all had the same problem: legacy wireless communications from the 90s that failed to encrypt or authenticate signals. He could be pick up the signals being sent from sensors on windows and doors to the main control system using a cheap SDR, meaning he could see transmissions from sensors — which are sent even when the system is unarmed — and track when people were opening and closing windows and doors. With a more sophisticated SDR, he could interfere with transmissions, setting the alarm off falsely by telling it doors were opening when they weren’t or jamming the system so that it wouldn’t go off, even if doors did open. He could do this from 65 to 250 yards away– basically a house over."

Issues With the Claims

On the surface, the claim could bear out as a risk at least for some ADT systems.  However, one aspect of an 'ADT System' not addressed in the suit is there is no single or even typical alarm system. While unencrypted wireless could prove a vulnerability for some residential grade and older intrusion systems, ADT installs over 20 different systems. Several of those prominently feature 'spread spectrum' and 128 AES encrypted wireless technology that at least makes sniffing out and tampering with systems difficult. 

Interestingly, ADT's flagship Pulse offering is Z-Wave based, and makes no explicit claims about encrypting wireless intrusion sensors, but does claims that the wireless video surveillance element uses WPA2 encryption between the camera and hub, and then HTTPS between local hub and cloud servers.

Not Just ADT

While ADT is the target of the suit, it bears emphasizing the potential risk is not only an ADT problem. Indeed, other wireless alarm systems sold by incumbents like Vivint and Monitronics are likely equally vulnerable to the same basic exploit.

Improving Security

Hacking unsecured wireless is neither new nor exotic, and multiple defenses are available to mitigate risk.  Some basic steps include:

  • Go Wired: Wireless cannot be hacked if it is not used. More costly (labor intensive), wired intrusion systems are still available and the mainstay of 'high-security' alarm systems. Simply choosing wired systems eliminates the potential risk described in the lawsuit.
  • Use Spread Spectrum: When using wireless 'spread spectrum' or 'frequency hopping' connectivity between sensors and panels makes zeroing in or jamming  a particular link extremely difficult. The nature of spread spectrum means the connection frequency intermittently shifts between endpoints, and the phrase 'trying to hit a moving target' describes the difficulty. 

Who is the Plaintiff?

The plaintiff is Dale A. Baker and the law firm is Zimmerman Law Offices, who says their main part of their practice, with 18 years of experience, is class action lawsuits. According to the attorney, Baker has an ADT Pulse system installed at his home.

"His system was erroneously activated 2 times and police had to come to his house. He subsequently learned that their were wireless systems that were encrypted that would prevent would be burglars from interfering with the wireless systems. He felt he had an obligation to inform other people that they are not as safe in their homes as ADT may lead them to believe and also is seeking to have ADT modify this product to encrypt the wireless signals so they can not be intercepted."

Those looking to join the class action lawsuit may contact Zimmerman Law Offices.

1 report cite this report:

How to Hack an ADT Alarm System on Jan 26, 2015
This report explains the key steps in hacking an alarm system, like ADT, as was presented in a Defcon 22 presentation. The risk of such a hack has...
Comments (9) : PRO Members only. Login. or Join.

Related Reports

April 2018 IP Networking Course on Mar 22, 2018
Our next IP Networking course starts in April. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double the chance of...
Axis Z-Wave IP Camera Tested Poorly on Mar 20, 2018
Z-Wave is drawing notable interest for video surveillance use. In IPVM's initial coverage, 84% expressed interest in it, with nearly half being...
ADT Hammered Again, Loses Another Billion In Market Cap on Mar 16, 2018
ADT's CEO told investors that, 'in baseball terms', ADT was batting 5 for 5. But investors told ADT's CEO, 'in baseball terms', that he was...
Cellular (4G / LTE / 5G) For Video Surveillance Guide on Mar 06, 2018
In this report, we explain using cellular for video surveillance including: 4G vs LTE vs 5G 4G standards 5G future Advantage: Placing cameras...
Aruba Networks Profile on Feb 22, 2018
Aruba Networks' presence in the video surveillance market has historically been limited. With a company focus on Wi-Fi first and switching...
Bosch Merges Video, Intrusion and Access Businesses on Feb 19, 2018
Bosch is merging their "video systems, intrusion detection, as well as its access control and management software business units to form a single...
Simplisafe 'All New' Generation 3 Tested on Feb 08, 2018
Feared by the traditional alarm industry, Simplisafe has launched its 'all new' Generation 3 platform that they declare is "Stronger. Faster....
Arlo, Bigger Than Avigilon, More Valuable Than Axis on Feb 08, 2018
Arlo, the wireless IP camera offering that Netgear bought ~5 years ago for a few tens of millions is now doing more revenue than Avigilon and...
Axis Launches Z-Wave IP Camera on Jan 31, 2018
Z-Wave is big in home automation but not in video surveillance. Now, Axis is announcing their first camera with Z-Wave built in, the M5065, a...
"First Of Its Kind" Stove Knob Alarm Sensor (2GIG) on Jan 15, 2018
At CES 2018, 2Gig/Nortek announced the Stove &amp; Grill Guard, a "first of its kind" sensor in the security industry, allowing users to be...

Most Recent Industry Reports

Top 4 Biggest Problems Selling Access Control on Mar 23, 2018
We received 150+ responses from integrators when we asked them "What is the biggest problem you face when selling electronic access control?...
US / China Tariffs Impact on Video Surveillance on Mar 23, 2018
On March 22, 2018, the US issued a Presidential Memorandum on the Actions by the United States Related to the Section 301 Investigation, with 3...
April 2018 IP Networking Course on Mar 22, 2018
Our next IP Networking course starts in April. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double the chance of...
Favorite Access Control Credentials 2018 on Mar 22, 2018
In this 2018 access integrator statistics result, which credential type holds the favored spot to unlock access doors? More than 150 integrators...
ISC West Bans Booth Babes on Mar 22, 2018
Booth babes, goodbye. Technically, ISC West banned them 2 years ago with a 'staffing attire' requirement but it looks like ISC West is going to...
Hikvision Fails To Fix Unsafe Browser Plugin on Mar 21, 2018
More than 2 years ago, Hikvision committed to resolving the use of unsafe and ineffective browser plugins. Despite that, today, Hikvision still has...
Network Racks For Surveillance Guide on Mar 21, 2018
In this guide, we look at network rack infrastructure, one of the fundamentals of IP video surveillance. Inside, we cover: What is a rack unit...
Security Robot Sales Struggle on Mar 21, 2018
2 year ago, PSA Security CEO Bill Bozeman called security robots one of “the biggest game changers” in decades for security integrators. Just over...
Dahua Global Launch LeChange on Mar 20, 2018
Dahua is getting into the consumer video surveillance market globally, with "LeChange", an offering long available inside of China is now being...
Axis Z-Wave IP Camera Tested Poorly on Mar 20, 2018
Z-Wave is drawing notable interest for video surveillance use. In IPVM's initial coverage, 84% expressed interest in it, with nearly half being...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact