Older keypads that still use landlines would set off the alarm if the line is cut to prevent communication with the reporting center, Porter said. However, it turns out that in order to monitor the link they check for a specific voltage. So if the attacker can tap the line and supply that voltage, he can cut it without setting off the alarm, he said.
At least a third of old security systems and probably a quarter of the newer ones can have all of their components -- door locks, motion detectors and keypads -- bypassed, Porter said, noting that this is a very rough estimation based on his knowledge of what technologies are currently being used and keeping in mind that physical security systems have a high turnaround. A five-year turnaround in the world of physical security would actually be considered quick, he said.
The Bishop Fox researchers provided recommendations about what owners of such devices can do to mitigate some of the attacks and are also working with the affected vendors to address these problems.
Porter believes that ultimately, the task and cost of upgrading these systems will likely fall with the users.
"I don't really see many vendors going and replacing these units," he said. They'll have to build different units that will have to function differently and some of the required changes will be significant, he said.
Sign up for Computerworld eNewsletters.