In the news this month were numerous stories about vulnerabilities in Comcast's Xfinity home security system. The systems use wireless sensors to detect opened doors and windows, and to detect motion when a home is expected to be vacant. Some of the stories made it sound as though owners of Xfinity security systems were now a burglary waiting to happen.
Wireless sensors make installing a security system very easy. At the same time, wireless sensors are vulnerable to radio frequency interference - whether incidental or intentional.
Security products by necessity walk an often-grey line between function and usability. On the one hand, elaborate, multi-layer controls can provide a high degree of security, but at a high financial as well as usability cost. As an extreme example, Jake Williams writes of the Australian government resorting to hand-delivering submarine plans and communications, to eliminate entirely the chances of communication being intercepted electronically.
On the other hand, simple and user-friendly controls are far less cumbersome, but far easier for a determined adversary to overcome. Consumer-grade systems tend to err more on the side of usability - frustrated customers cost companies in the form of technical support, and tend not to be repeat customers.
The Xfinity system fails open, meaning a disabled sensor does not trigger an alarm. A simple radio frequency jammer can interfere with the sensors, preventing any alarm when someone opens a door or window or passes a motion sensor. A burglar with the right equipment can easily disable the system and break in without triggering an alarm.
Think about it though: do you want your home alarm to alert you every time a sensor briefly loses connectivity with the base station? Or worse, alert local authorities? Many cities have local laws that assess citations and fines for false alarms.
That Xfinity security systems are vulnerable to abuse in this manner is noteworthy, but there is a more important point to consider. Vulnerabilities need to be understood in the context of what is being protected, and in the context of who is the intended user.
I will not say whether this particular vulnerability is "a bad thing." It depends on the priorities of the purchaser. What I will say though is this: as a consumer, or as an enterprise product specialist, include failure mode in your evaluation of a product. How does the product behave when things don't go as expected - and how do you want it to behave?
The "right" design is the one that best fits with your priorities.
Do you have thoughts to add? Disagree? Comment below or hit me up on Twitter at @dnlongen.
This article first appeared in CSOonline
