Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire
If you have to run power to it, you might as well run some data as well. Never really the best idea to have mission critical equipment at the mercy of a congested wifi network.
It's been echod several times in this thread already but:
Wireless and security are oil and water. They do not mix. This goes byond wifi. If your security system has wireless sensors (door, window, motion) - you aren't secure. Please do not buy smart locks.
Wireless cameras are not security - they are a convenience. A convenience for checking on the kids in the back or seeing if that package got delivered.
If it's not wired and powered it is at best a scarecrow and at worse an indicator that you have money and you feel secure.
Sorry for being that guy but if possible you should always refrain from using Wifi for applications in production, safety and security. Too many known and unknown vectors to its reliability.
But yea, I get it. Most people don't know the details and on the overall market most affordable devices and services for security systems are some semi-"smart" products which are simple to set up. The extra work and cost that come with professional equipment aren't really appreciated, eapecially by those who don't know any better.
Wifi jamming is an easy thing to do, as the whole 2.4GHz band works on the assumption that everyone is nice to each other. One non-cooperative device, and everything in that band goes down: Wifi, BT, Garage door openers, Car key fobs...
I've been saying this since the Nest and other similar bullshit came out. In the electronic security industry, we've been installing hardwired PoE cams for over a decade and a half. High resolution, high bandwidth, no batteries or separate power adapters, centrally managed LOCAL video storage. And not vulnerable to RF jamming/hacking. Stop buying the shitty Harry Homeowner equipment.
In the 80s and 90s stores used to put up signs that read "monitored by CLOSED CIRCUIT television" because even back then they didn't trust wireless and they made sure you knew it wasn't.
And that’s why hardlining is still by far the best option available.
Hardlined cameras need to be physically accessed and the cables snipped in order to disrupt them, and most cameras offering hardlining now feed Ethernet through their bases, providing additional protection.
Most sub-20 camera systems can run for up to an hour or two on a 500VA UPS, and up to a week or more with PowerWall backups, defeating intentional power outages.
A fully airgapped system can defeat any sort of direct Internet intrusion.
Shielded Ethernet can help protect from crosstalk attacks provided they are correctly grounded with the appropriate switches.
Hardware auth between cameras and the DVR can help defend against direct attacks via an unplugged cable or an open wall jack, in that only approved hardware can make the needed connections with either end.
Encrypted communications between cameras and DVR can enhance the security of data across the wire.
A brace of identical dummy cameras - similarly powered, if they have external indicators - alongside real ones will waste the time and effort of attackers who conduct physical attacks, while keeping recording-infrastructure needs to a minimum.
Bonus if identical but “dark” Ethernet is similarly spoofed throughout the building, as not only will it confuse physical attackers, but it’ll also be already in-place for future communications-infrastructure improvements.
DVR needs to be in a secured location, ideally fireproof. In combination with № 7 and № 8, a dummy DVR (with live screens showing actual content) can exist elsewhere to distract any physical attackers.
Sure, this list isn’t 100% coverage, but it gets you nearly there with a minimum of effort.
The camera sends a ping every 30sec to the host. Missing ping: sound silent alarm with possible tampering. Missing 4 pings, let all hell break loose alarm sound.
That is how my sensors work. They work on 433/868mhz, this is open band and easy to flood. If the hub misses a ping from a sensor, the tamper protection alarm goes of.
Running wires is expensive. That's why most people opt for wireless, and on top of that, the convenience systems like Ring offer with their app, no NVR/DVR, none of the typical security system hardware cluttering things up.
This is the reason that all of mine are hardwired (literally) through the roof. Obviously more timeconsuming to do but the signal is way more responsive than wifi (esp. when my wifi bandwidth drops due to giant periodic cloud backups or multi-gigabyte PS5 update file downloads) and I wanted to make sure that all of the video is shunted to cloud and local secure storage in whatever seconds it might take for an attacker to physically disable the camera. Dozen cables down and into my router and switch in the mancave but it is what it is.
You could just add a small nonvolatile buffer to each camera if it’s not wired, such that if it loses connection with your home assistant server it will start recording. With 720p video and a 64gb flash storage you could, depending on encoding, store well over a day of footage. (Napkin math so could be wrong)
Police need to have the tools to detect and locate the deployment of wireless jammers. People need more visibility over the electromagnetic spectrum. It's a pretty big tell when they begin to use them.
This goes without saying but obviously the most secure will be analog. Unfortunately that is neither accessible or worth the time and trouble for the average consumer.