Residential Encryption Gains Traction

Aug. 10, 2020
No longer only within the purview of cybersecurity providers, the technology provides a key selling point for peace of mind among homeowners
This article originally appeared in the August 2020 issue of Security Business magazine. When sharing, don’t forget to mention @SecBusinessMag on Twitter and Security Business magazine on LinkedIn.

News of security breaches seem to be a regular occurrence where a system or database that has been hacked has the potential to expose thousands of people’s private and sensitive information. If this can happen to seemingly secure, large organization systems, it stands to reason that a residential security system is just as vulnerable. Homeowners know we live in insecure times, which means most of your residential customers want additional confidence in the level of protection their home systems provide.

To help residential integrators stay ahead of homeowner expectations for more cyber-secure systems that protect against mounting intrusion sources, advanced encryption technology technologies integrated into next-generation residential systems may be the answer to giving consumers peace of mind that their home systems can block sophisticated hacks.

Not only can encryption deliver a higher degree of security and help integrators keep customers happy, but the technology can also offer added business benefits for integrators while helping to eliminate take-overs.

A Higher Level of Security

As smart home and security systems go hand-in-hand today, integrators must make sure connected systems are as secure as possible from the latest cybersecurity threats. While the task is daunting, it also presents new opportunities for integrators to meet rising homeowner expectations for protection from their security provider.

Homeowners are learning that just about any unencrypted wireless device that connects to the Internet – such as a home security system – can be vulnerable to an unauthorized intrusion. As customers become more aware of the potential risks from systems based on outdated technologies, they will most likely start to question the trust in their installed security systems. Even newer systems can be subject to technology weaknesses, such as widely reported vulnerabilities of unencrypted SimpliSafe systems, as well as Ring doorbells.

These instances have the ability to erode confidence in the industry over time. With encrypted sensors, integrators can offer homeowners an upgraded solution that has an extra level of security to prevent intrusions from skilled hackers. Encryption-based systems allow integrators to sell true peace-of-mind to the consumer and give them a competitive advantage in selling against popular DIY systems.

Encryption is a process that encodes information and only allows authorized devices or people to have access to that information, while also being able to block or deny access to unauthorized devices or individuals. A system with encryption eliminates hacks by using an algorithm to encrypt a signal or data, and then it requires a key on the receiving device to decrypt that signal or information.

The technology can encrypt the communication transfer between sensor and panel so that only a customer’s specific system panel will have the encryption key that allows it to read the status of the sensor transmissions. With an unencrypted sensor signal, a knowledgeable hacker with RF listening equipment could copy and “trick” the security panel into disabling specific sensors or suppressing alarms.

Additionally, today’s security systems store sensitive passwords and other data, due to the growing adoption of smart home systems that enable users to connect to their personal devices and other systems within the home. An encrypted security system makes sure this secret information in inaccessible. Consumers are also finding that popular DIY-branded systems can be susceptible to hacks due to lack of encrypted signals.

Integrators can instill greater peace of mind for customers by leveraging and explaining the added security benefits of encrypted sensors, which are available now and do not necessarily cost more to deploy.

Common Exploits

Here are two common hacker methods for exploiting vulnerabilities of unencrypted systems:  

Capture & Replay, where a hacker is able to tap into a system with an unencrypted door or window sensor. They use a device with signal interception technology that enables them to capture the recorded communication from the sensor signal, which the hacker then replays to tell the system the door is closed, even if it remains open. Systems with an unencrypted keyfob are an even bigger risk, as the hacker can more easily capture and replay the keyfob signal to actually disarm the system.

Wireless transmissions are the same every time a door sensor is activated or a keyfob disarms the system. This means that any unencrypted communication between the sensor or keyfob and the security panel is vulnerable to a replay attack. As has been reported by many news outlets, devices with signal interception technology are affordable and readily available.

With encrypted sensors on doors and windows, even if hackers are able to capture a sensor signal, they would not be able to use it or replay it, as the system will not recognize it as legitimate.

Man in the Middle is a type of intrusion tactic that enables the hacker to basically “listen to everything.” Unauthorized intrusions occur from the ability to capture decoding information, which hackers can use to manipulate or instruct the system to do something different.

To protect against Man in the Middle threats, wireless sensor communications must be protected with strong encryption so that each signal received by the system cannot be intercepted and changed by a hacker.

Business Benefits for the Integrator

It is an unfortunate reality in the home security business that up to 40 percent of residential security accounts are lost to takeovers. Encrypted sensors can only be used on the same company’s control panels, which means an integrator’s equipment investment is protected – as the cost for a competitor to take over the account is now higher.

Another important consideration is that encrypted security systems help shield integrators from liability. No one wants to be drawn into a class-action lawsuit similar to claims against ADT in five separate class action lawsuits filed between November 2014 and April 2016 in Arizona, California, Florida and Illinois, which alleged home security systems used unencrypted wireless communications systems that rendered them vulnerable to being hacked.

Missy Means is 2GIG product marketing manager for Nortek Security & Control. Request more info about the company at