SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Alarm systems with keypads, sensors and sirens protect our homes and commercial premises from intruders. The reliability of these systems has improved over the past years but the technology has remained largely as it was 3 decades ago. With simple keypads and generally 4 digit PIN codes used for setting and unsetting the alarms, the main protection against a determined intruder is the necessity to choose robust PIN codes. However, with PIN codes chosen that are generally easy to remember and therefore relatively easy to guess, or numbers chosen to follow a pattern on the keypad, the main protection from these systems lies in the ability to detect an intruder as they approach the keypad. This gives the intruder very little time to try multiple codes meaning the systems are secure because the intruder is detected quickly. This research looks at the choices of PIN codes and the patterns that they often follow, and sets out the forthcoming research that will look at circumventing the safeguards by performing computer driven attacks against the codes when access to the device is possible and when remote access to the device can be made over the telephone system. Additionally, the forensic evidence left behind by an attacker is discussed and how simple enhancements to systems can have significant advantages in enhancing the amount of evidence that can be found. This paper describes the preliminary findings from analysing 700 alarm codes used in alarm systems throughout New Zealand and describes the planned research into alarm system security and forensic evidence remaining after a successful attack by an intruder.