How To Defeat a Security Alarm: Crash and Smash Attack

One of the reasons I love being a security professional is the never ending chess game we get to play with criminals. We invent a new security measure and they try to figure out how to defeat it. They invent a new security system attack and we try to figure out how to stop them and/or catch them in the act. The “Crash and Smash” attack is one commonly used by burglars to defeat security alarms. Here’s how it works.

  1. The burglar kicks in an entry door. Entry doors are doors that the security alarm allows you to use when you come home. Rather than sounding the alarm right away, when you open an entry door the alarm starts beeping and counting down for 30, 45 or 60 seconds giving you time to walk to your keypad and disarm the alarm system. Unfortunately your security alarm can’t tell the difference between a burglar kicking in the door and you walking in as usual, so it treats the burglar just like you and waits 30 to 60 seconds before the alarm goes off. Residential doors are surprisingly easy to kick in unless you have a reinforced door frame.
  2. The burglar uses that 30 to 60 second entry delay to quickly search your house for the alarm panel. This isn’t always easy, but it’s very doable. As a security alarm professional when I am doing a home security assessment I can usually find the main alarm panel in the first or second place I look, which is often necessary because many homeowners don’t know where their alarm panel is. First I check the basement and if it’s not in the basement then I check the closets. If you think 30 to 60 seconds is too short to find your alarm panel think again. Try this – time yourself coming in the front door and running to your alarm panel. Chances are you will get there in 10 seconds or less. That leaves you at least 20 seconds to destroy the alarm panel.
  3. The burglar destroys the alarm panel before the 30 to 60 second entry delay countdown runs out. Security alarms don’t call to alert the police until after this entry delay countdown has run out and the alarm siren is going off. If the burglar successfully destroys or disables the alarm system before that 30 to 60 second entry delay countdown is up then the alarm will not call and alert the police! At this point your security alarm is useless. Is your alarm panel in a locked metal box? It doesn’t matter! All they have to do is tear the metal box off the wall or simply cut the wires coming out of the metal box that go to the phone line. Even if you have a wireless cellular GSM based security alarm there are still wires connecting the alarm to the cell phone communicator. Even if the cell phone communicator is locked inside the metal box they can still destroy the wireless antenna, which due to the laws of physics can not be inside the metal box or it would not be able to communicate with the cell phone tower.

That’s how a crash and smash attack works. The crash is when the burglar kicks in the entry door. The smash is when the burglar smashes or disables the alarm panel before it calls out for help. The result is the burglar has rendered your fancy security alarm useless and can spend all the time he wants in your house because the cops haven’t been called.

The good news is Alarm.com has developed a clever method to detect this form of attack called “Crash and Smash Protection”. Rather than waiting for the entry delay countdown to finish, Alarm.com crash and smash protection sends out a signal immediately as soon as the entry door is opened saying “an entry door has just been opened, stand by for for a disarm confirmation”. If the Alarm.com security system doesn’t follow up by sending a disarm confirmation signal within a few minutes then Alarm.com assumes a burglar has destroyed your alarm panel and issues a crash and smash alarm signal to the central station who will then follow the normal burglary alarm protocol and dispatch the police if necessary. The video below illustrates how this works.


Alarm.com’s crash and smash protection is relatively new and most burglars aren’t aware of it yet. Most alarm systems don’t have it. ADT doesn’t have crash and smash protection. That’s right, if you have an ADT security alarm then you do not have crash and smash protection. Therefore many burglars faced with an Alarm.com system will assume they have successfully disabled your alarm by smashing it when in reality the police have been notified of the crash and smash alarm and are on their way.

Eventually burglars may invent a new attack to defeat Alarm.com’s crash and smash protection but we don’t see it happening in the near future. You can have the upper hand by using Alarm.com with crash and smash protection instead of outdated systems like ADT which are vulnerable to a simple crash and smash attack using nothing more than swift kick to an entry door and a baseball bat to the alarm panel. So goes another round in the never-ending chess game between criminal and security professional. It’s your move bad guys!

suretyCAM is your provider of Alarm.com security alarms with crash and smash protection in Columbus OH, central Ohio and the surrounding areas including Cincinnati and Cleveland, as well as DIY Alarm.com security systems across the United States.

Ryan Boder

About the Author:

Ryan Boder founded suretyCAM with a single goal – to shake up the security industry and show customers that it can be done differently, that it can be done better. The security industry needs a shot in the arm. Ryan brings a fresh perspective that is based on common sense as well as advanced engineering. His background as a software, electrical and computer engineer developing top secret military systems has given him the ideal technical foundation on which to build the next generation of security and automation services. suretyCAM is not a sales organization, it is a security engineering firm owned and managed by engineers. Our mission is to help you protect yourself by providing you with the tools and the knowledge to do so. Ryan’s experience in home security includes designing and installing custom security systems for the high-end residences of the rich and famous. Millionaires and even billionaires have trusted Ryan to design their home security systems and now he’s applying those same concepts to your home. Receiving a B.S. degree in Electrical and Computer Engineering, from Carnegie Mellon University and a M.S. degree in Computer Engineering, from Ohio State University, Ryan’s work has been featured in the United States Army and Navy systems as well as Israeli, French, South Korean and Italian defense systems. Ryan’s areas of expertise are security and automation systems, the cohesive integration of heterogeneous devices, QoS in wireless networks, instrumentation radar and motion control, distributed system design, real-time operating systems, reliable embedded systems, discrete event simulators, Internet and web based software, and project management.
  Related Posts

Comments

  1. John  February 21, 2012

    Ryan writes: “Alarm.com crash and smash protection sends out a signal immediately as soon as the entry door is opened”

    What is “immediately”? 5-10 seconds? If the control panel and GSM unit are located in the keypad right by the front door, as is the case with these wireless alarm systems, they can be smashed before the alarm able to contact central station.

    I find lots of marketing claims made by these wireless type systems that don’t stand up to the most basic scrutiny, such as locating the control panel inside the keypad at the front door is a supremely stupid idea.

    From what I gather, the control panel (steel box) should be located in the attic, ensuring a minute or more passes before it can be reached.

    reply
    • Ryan Boder  February 22, 2012

      Hi John, thanks for your comment. No, it does not take 5 to 10 seconds for the control panel to send the message to Alarm.com. I’ve tested it personally and I’ve always measured 1 to 4 seconds. It does take a few more seconds afterward for Alarm.com to send the confirmation back to the panel but that’s irrelevant since the signal already went through.

      You are correct, the control panel should not be placed next to the front door. That’s not where I would install it and that’s not where 2GIG recommends installing it. It should be located centrally in the house in a location that is not visible from an outside a window. Often we even install them in the master bedroom and then put a secondary touch screen by the front door, or people just use their phones to disarm before they enter so no keypad is needed by the door.

      You’re right, the longer it takes for the intruder to get to the control panel the better, but putting the control panel in a metal box does absolutely nothing to help the situation because all an intruder has to do is cut the wires coming out of the metal box and they’ve accomplished exactly the same thing as smashing the panel. Either the phone line or the wires from the GSM communicator or the antenna will be sticking out of the metal box and they are all just as vulnerable as an all-in-one system. The metal box only gives you a false sense of security. That’s a big part of the reason why all-in-one systems are so common now because putting the panel in a metal box doesn’t stand up to the most basic scrutiny.

      Best Regards, Ryan

      reply
      • John  February 22, 2012

        Thanks for the reply Ryan.

        I like your idea of placing the primary 2GIG keypad in an upstairs bedroom, instead of by the front door, as is typical. This should really be the standard installation approach, but perhaps it’s not mentioned to the consumer, because it would then mean explaining that the entire “control panel” is located in the keypad. I know that makes me uncomfortable, regardless of any safety measures the 2GIG system may attempt to provide.

        Using the phone to disarm and having the entry door on a zero delay is also a creative approach, and something to consider (though it may be inconvenient).

        As for the traditional steel box control panel, as mentioned, the installation location is key, and I think the attic would be the most time consuming location for a criminal to reach (easily a minute or more in most houses). It’s extremely unlikely they would make it up to the attic, locate the box, and cut the wires in time.

        Additionally, alarm manufacturers should place the control panel and battery-powered GSM transmitter into a reinforced fiberglass box, instead of a steel box that blocks the antennae, so that the alarm signal would ALWAYS make it out out to central station. Such a box would withstand sledge hammer blows, yet still not block the GSM signal.

        reply
        • Ryan Boder  February 23, 2012

          Using a fiberglass box instead of metal is an interesting idea. Then the GSM communicator could be physically protected. I don’t know why none of the manufacturers have done that, but I’ll ask around. Of course, even if you used a fiberglass box a smart intruder could bring a their own metal box or even aluminum foil and cover the fiberglass box to prevent the cell phone call.

          reply
      • Sean  August 15, 2012

        Locating this type of hardware is not recommended due to attic humidity and extreme temperatures. We locate our panels in different locations just to keep the criminals guessing.

        reply
      • flocker man  February 18, 2013

        so can I just cut the wires from the metal box and kill the system

        reply
        • Ryan Boder  February 18, 2013

          Cutting the wires coming out of the box will disable the system, just like smashing an all-on-one panel will disable it. The key is you need your system to send an alarm signal to the central station before it’s disabled. That’s what crash and smash protection accomplishes. There are other ways to accomplish the same thing, such as supervising the box with a motion detector.

          reply
    • Jeff  November 5, 2012

      According to ADT their system MAY not give an alarm code, but it DOES give a tampering code if the system is in a countdown and it tampered with. ADT takes tampering codes the same as an emergency code according to their customer service. While it may be semantics, the crash and smash should still trigger an alarm-in fact, more quickly than the typical alarm.

      reply
      • Ryan Boder  November 6, 2012

        Hi Jeff,

        If the communicator on an ADT system is destroyed in a crash-and-smash attack then there is no way for the panel to send out the tamper signal. What you’re describing is only true if the intruder tampers with the system without actually destroying the communicator. However, that would not be a crash-and-smash attack – that would just be a crash-and-tamper attack. Any old alarm system can handle that.

        With Alarm.com crash-and-smash protection the initial signal is sent out immediately when the entry door is opened so even if the communicator is completely destroyed seconds later Alarm.com will still detect the break-in.

        Best Regards,
        Ryan

        reply
        • Steven J  June 17, 2014

          Smashing the panel or Long Range Radio which if smart are completely located in different spots. Appropriate glass breaks/shock sensors in the house would trigger an alarm immediately upon forcing entry. you might be able to stop the panel from communicating with the radio (if found quickly) but once that happens the central station is aware of a communication loss. Many systems also have back up communication upon losing gsm radio communication.

          reply
    • george kashuba  June 23, 2014

      I agree with you , the only sure way to protect a system is to ping the base station every 3-5 sec ,if base station does not sense the ping signal then it can try talk back mode , we used this type of signaling 30 years ago at Wormald Electric Signals .

      George Kashuba

      reply
  2. John  February 21, 2012

    Ryan writes: “many burglars faced with an Alarm.com system will assume they have successfully disabled your alarm by smashing it”

    This alone is a problem. A burglar should not be emboldened to enter and smash a keypad/control panel. Even if the control panel/keypad is able to transmit the signal before being smashed, the crook still has 30 seconds before central station determines the password was not entered, then makes a call to the homeowner, then finally 3-5 minutes later the police are called.

    So the alarm has “worked” and was not defeated entirely, but the crook had 3-5 minutes to steal things and is long gone.

    reply
    • Ryan Boder  February 22, 2012

      Hi again John, you raise a lot of good points and are a critical thinker like me. I appreciate that very much.

      Why would the burglar be emboldened to enter and smash the panel any more than with a traditional system? Crash and smash attacks are not a recent development or necessarily related to wireless systems, crash and smash attacks are just as possible with a traditional system in a metal box by simply cutting the wires coming out of the box, as described in my other comment. Crash and smash protection is a solution to this problem developed by Alarm.com that would apply just as well to a wired system. The burglar shouldn’t know what kind of system is installed or where the main control panel is anyway.

      At the option of the home owner, the central station can call the police first when a crash and smash event occurs since that’s not likely to be a false alarm. What you’re doing with these questions is exactly why I love this industry, it’s a chess game between us and the bad guys. Keep it up and if you have any suggestions or questions please post them for others to benefit from.

      Best Regards, Ryan

      reply
      • John  February 22, 2012

        The difference is if a shady repair man observes an all-in-one panel while in the home on Monday, they will believe they can return on Tuesday, kick in the front door and smash the keypad quickly enough, and the alarm will be disabled.

        Moving the primary keypad upstairs as you suggested will mostly address the problem, but how many installers are making such a recommendation?

        Please help me with this scenario:

        1) A crook kicks open the front door.

        2) The system successfully notifies central station that a door is opened and to expect a disarm code soon.

        3) Crook smashes keypad control panel.

        4a) How much time will pass before central station determines that the disarm code has not been entered, and an alarm condition is underway? This strikes me as a key weakness.

        Another important question, when is the siren disabled? The tiny siren in the keypad is not a siren, but assuming a real siren has been installed, when will that trigger, and what event can silence it?

        reply
        • Ryan Boder  February 23, 2012

          I don’t know how many installers are making the recommendation to install the main control panel in the master bedroom, but we are. One difficulty we run into doing that with the 2GIG panels is that the main control panel won’t let you turn off the LED lights around the Home and Emergency buttons so those lights are on in your bedroom at night. They’re not too bright but we have had customers complain about that. Sometimes we install the main panel in the master bedroom closet so the lights won’t bother them. The TS1 secondary touch screen keypad doesn’t have this problem, just the main panel. I’ve been complaining to 2GIG about this issue for a while now and I expect it to be corrected soon.

          The amount of time it takes to determine a crash and smash has occurred is the just the entry delay (30 seconds). Then Alarm.com waits whatever time you have programmed in the dialer delay before calling the central station (15 seconds). So it would take 45 seconds before the call to the central station is initiated. It may actually be a couple extra seconds on top of that to avoid error. However, the time it takes for the police to come eclipses that 47 seconds.

          If you’re using a hard wired siren, then smashing the panel or cutting the wires will disable that siren. If you’re using a wireless (Z-Wave) siren then it will continue sounding even after the panel is smashed, you would have to smash the siren itself to disable it. Of course in any of these cases the siren won’t sound until the entry delay is up and if the panel is smashed by then it won’t sound at all.

          Different people have different security requirements and it sounds like yours are high. Another method we use to prevent crash and smash attacks all together is by reinforcing the entry door so it can’t be kicked in. Have you see our Strikemaster II Pro door frame reinforcement?

          http://suretycam.com/2011/08/30/strikemaster-ii-pro-cost-effective-security/

          reply
      • Dilaney  October 8, 2012

        The burglar is “emboldened to enter and smash the panel (self-contained alarm system)” because of its physical appearance and size. You can very easily tell by looking at an alarm system’s keypad which is simply a keypad and which is large enough to contain the communicator and back-up battery.

        All burglars are not as stupid as most people believe. Therefore, when you design and install an alarm system, you should always assume that the potential burglar has as much knowledge of the security system as the professional technician who is installing it.

        Twenty years ago there was little knowledge of alarm systems and how they worked. That’s not the case today, especially with internet sites promoting criminal activities and providing information on-line such as how to make a “bump-key”.

        reply
        • Ryan Boder  October 19, 2012

          Hi Dilaney,

          I agree burglars are getting smarter and we’ll always be working to stay a few steps ahead of them. It’s arguable that all-in-one units embolden burglars but a smart burglar would also know that with a traditional keypad system they can kick in the entry door and have 30 seconds find the main panel and either destroy it or simply cut the wires between the panel and the communicator. The keypad or all-in-one unit shouldn’t be visible from outside anyway. The solution isn’t to disregard all-in-one units, it’s to think of the security system as a complete system and design the entire system to protect against vulnerabilities. Crash and smash protection is a great tool we can utilize when designing a secure home system and a secure system can certainly be designed with an all-in-one unit but care must be taken as with any system.

          Best Regards,
          Ryan

          reply
  3. Lanita  May 19, 2012

    So what’s your conclusion John?

    reply
  4. Steve  August 24, 2012

    Wow. I was a victim of a Crash and Smash . but now iv got a top of the line security . its an app on my phone it sends you a emergency text or notification stating your alarm went off and i also have security cameras which i can see when alarm is triggered or thermal detection is good way to catch burglars. its a bit expensiver. what i recommend is a dog too, or rig your smoke or CM alarm to your security, dont go for ADT and other systems. they are b.s and dont work.

    reply
    • Ryan Boder  October 21, 2012

      Hi Steve,

      I agree! Try suretyCAM Alarm.com with crash and smash protection.

      Best Regards,
      Ryan

      reply
      • Anthony  October 30, 2014

        just putting in my two cents, I have ADT , i have a Statfordshire pitbull terrier , a Rottweiler and a bullmastiff ,the last time someone tried to break into my home/ yard my yard was a mess. I trained them very well I caught the action on seruritycam, the boys down at the police station got a good laugh off of it I love my dogs~~~ Anthony~~~

        reply
  5. Dilaney  October 7, 2012

    I applaud your efforts on providing information about alarm systems and how they actually work. It’s a refreshing change from other websites.

    While you are correct in your statement that “different people have different security requirements”, I’m the type who believes that NO ONE needs the “security” provided by an all-in-one self-contained keypad alarm system which uses an unsupervised telephone line to communicate to the monitoring station.

    This is a piece of junk product which shouldn’t be sold WITHOUT extensive warnings – better would be to remove them from shelves entirely.

    “Crash-and-Smash” technology was “developed” in the sole interest of reinforcing the rather obvious weakness with placing the alarm’s communicator inside the keypad where it is exposed for attack at the front door. So we now have a pre-alert signal being transmitted when the door contact is first opened (not at the end of the entry delay) and the tramsmission is made by cellular instead of telephone.

    From a strictly SECURITY point of view, there is no logical reason for exposing the most vital part of the alarm system (communicator) at the front door, even if it is cellular.

    At least you are explaining to your customers that they should re-locate the communicator keypad and install another keypad at the front door. If you listen to your competitors, they’re all bragging how everything is completely solved by “Crash-and-Smash” and that only the best alarm systems use this “technology”.

    What they aren’t telling their customers are the actual LIMITATIONS to “Crash-and-Smash” – which can ONLY work if the alarm system is armed – AND if the door contact is opened first.

    What happens if the burglar breaks a glass side-light and then smashes the keypad? What if he cuts a hole in the front door to enter and the door contact is never opened BEFORE the keypad is “Smashed”?

    The best security systems hide the control panel’s communicator, preferably inside a locked room. Motion detector which don’t have entry delays must be tripped FIRST before the intruder can even approach the control panel’s hidden location. The motion detectors which help to secure the alarm communicator MUST also be active when the homeowners are inside sleeping with the alarm system armed in STAY mode.

    The BEST alarm systems communicate wirelessly to the monitoring station, either through cellular or long-range radio. I prefer networked radio which has advantages over cellular such as not being dependant on a single cell tower. Multiple communication pathways to the monitoring station are available by using all of the monitoring station’s clients’ installed radios as “towers”.

    More products designed to jam cellular signals are surfacing on the market, which is why I only use cellular if the client is outside of radio range to the monitoring station.

    Finally, the technology that will ensure notification of a destroyed alarm communicator under ANY circumstances is “supervised heart-beats”. Once the heart-beats stop, the monitoring station is aware that something may be “up”, regardless of whether or not the alarm system is ARMED (as is the case with “Crash-and-Smash”).

    While placing the alarm communicator inside the attic [as suggested by another commenter] is not recommended due to the harsh environment, hiding the communicator on an upstairs floor is a better alternative than the basement. Your suggestion of the master bedroom closet is valid as the burglar would have to go through more levels (and floors) of detection before reaching the communicator. A motion detector inside the master bedroom is a required component of the alarm system, both to supervise the control panel inside the closet and also because a burglar is sure to “visit” the master bedroom..

    When designing a security system, the ONLY motion detectors which should follow an entry delay are those in direct line-of-sight to a keypad. Therefore, if someone decides to program a ridiculously long entry delay of 60-seconds on the front door contact, it won’t matter because motion detectors will be tripped and provide an instant alarm once the burglar enters the interior living space.

    I love your suggestion of reinforcing the front door. Keep up the EXCELLENT work!

    reply
    • Ryan Boder  October 19, 2012

      Hi Dilaney,

      Wow good post! A lot of good points! I differ from you a little in that I think cellular all-in-one units are actually very useful security systems, the security designer just needs to be aware of their vulnerabilities and account for them. You’re right that crash and smash protection only works when the system is armed but I don’t see the significance of that point – alarm systems in general only work when the system is armed. It doesn’t matter where the communicator is, if the system isn’t armed it doesn’t do much at all to protect the home. If someone does break in via a window or other means then the strategically placed motion detectors and glass break sensors should get them before they smash the panel and those would send immediate alarms with no entry delay so crash and smash protection isn’t applicable in that situation. Same applies if a hole is cut on the front door, motion detectors get them and send an immediate alarm. Heart beats do detect a smashed panel but they are limited by the frequency of the heart beat. All the panels I’m aware of use heart beats with a minimum interval of about 5 minutes and they don’t trigger an alarm unless the receiver misses 2 heart beats in a row so nothing would be detected for 5 to 10 minutes at best. You might try thinking about crash and smash protection as an improvement on heart-beat technology in the specific case of a crash and smash attack because it’s the same concept but it improves the detection time from 5-10 minutes down to 1-2 minutes. Keep in mind that crash and smash protection is in addition to heart-beat technology, the Alarm.com systems with crash and smash protection also utilize heart-beat technology. If you really care about security then hide the main panel with the communicator in your “safe room” and pay for a secondary keypad by the front door but even a cellular all-in-one unit by the front door with crash and smash protection is still a lot better than nothing at all – and a lot better than a land line alarm system. We’ve seen customer’s land line systems fail due to telephone line cuts but I have yet to see a crash and smash system get defected by a burglar. Those differences aside, I absolutely agree with you on most of your points, keep up the good work!

      Best Regards,
      Ryan

      reply
      • Dilaney  October 19, 2012

        Hi Ryan,

        Thanks for your reply.

        Let’s imagine a worst case scenario such as a home invasion when the homeowners are at home during the day with their alarm system disarmed. The front door is kicked in by thugs and the all-in-one self-contained keypad at the front door is “Smashed”.

        The alarm.com “Crash-and-Smash” feature obviously will not work in this example. The bigger question is whether or not any additional panic buttons of the alarm system (located in other rooms or wireless models) will work if the homeowners can get to them because the alarm’s communicator has just been “Smashed”.

        When you stated that it “doesn’t matter where the communicator is, if the system isn’t armed it doesn’t do much at all to protect the home”, you’ve neglected 24-hour zones such as smoke detectors and panic buttons.

        In this example, which is extremely unlikely to occur, the all-in-one keypad at the front door is a bad idea (which we both agree on). “Crash-and-Smash” provides no security for the homeowners in this case.

        BUT – - it this poorly installed system was backed up with supervised heartbeats, the monitoring station would be making a call in approximately 5 to 10 minutes, as you have correctly pointed out. Without the heartbeats, the homeowners are strictly on their own.

        Heartbeats will work regardless of whether the panel is armed or not. Any type of “Crash-and-Smash” detection requires that at least some devices must be armed. A communicator inside a locked storage room could have a motion detector inside the storage room armed on a separate partition from the home, providing 24-hour “Crash-and-Smash” detection for the communicator.

        The MOST important part of your reply concerning self-contained alarm systems is that “the security designer just needs to be aware of their vulnerabilities and account for them”.

        These units are being shipped to clients for self-installation by a lot of competitor alarm companies. The client (homeowner) now becomes the “security designer” and has absolutely zero knowledge of the weaknesses and vulnerabilities of “Crash-and-Smash”.

        Most homeowners will still install the self-contained keypad at the front door, but then they add a motion detector to “look at the keypad”, as they may think this provides a back-up. The only problem is that the motion detector doesn’t work in STAY mode, when they’re at home – - when they really need it to work!

        Who besides you and I are recommending (quite correctly) to readers that they should hide the main self-contained control panel unit and to purchase a secondary keypad to install at the front door?

        Once you relocate the main unit to an interior area of the home, such as the master bedroom closet as you suggested, you automatically achieve “Crash-and-Smash” detection from all of the interior motion detectors which are armed and activated as the intruder “trips them” BEFORE he finds the main control panel.

        Competent security designers and professional alarm installers have been providing “Crash-and-Smash” detection for their clients by hiding the main control panel for many, many years before the term became part of our vernacular.

        In this regard, ANY alarm system can be set-up to provide “Crash-and-Smash” detection – it’s not exclusive to alarm.com.

        If installers (who may be homeowners) don’t understand EXACTLY how alarm.com’s “Crash-and-Smash” detection actually works, and don’t take into account its limitations, it may not work at all.

        I do agree with you entirely that cellular all-in-one units could be a very useful security system – but since you and I are ALWAYS going to relocate and hide the main control unit, what was the point of this “design”? The “design” is leading people to believe that they can safely install the keypad/communicator at the front door.

        The fact that you relocate the self-contained main control panel should point out and reinforce to your clients and readers where your true priorities lie – with their safety.

        Unfortunately, not all alarm companies have this level of concern towards their clients, which is why I applaud your efforts.

        Stay well!

        Dilaney

        reply
        • Ryan Boder  October 21, 2012

          Hi Dilaney,

          You’re right, panic buttons won’t work if the communicator is destroyed. However, in the case that the owner is home when the break-in occurs I recommend that they don’t use a panic button anyway, I recommend that they use their cell phone to call 911. I don’t use a lot of panic buttons in residential designs for that very reason. Why use a panic button to signal the central station so they can call the police for you? Just call the 911 directly and reduce the response time. I’m not clear on why 24 hour fire detectors would matter in the case of crash and smash attacks but you’re right about that too.

          All Alarm.com systems are supervised with heartbeats so I think we are in agreement that Alarm.com is not weak here.

          I completely disagree that hiding the communicator or locating it centrally automatically achieves crash and smash protection. At best the entry delay is 30 seconds. 30 seconds is a long time, long enough to get anywhere in the house, locate the communicator and disable it. In 30 seconds the intruder can check the basement, the master bedroom and every closet in the house. Take a typical ADT system, for example, that doesn’t have crash and smash protection… All I have to do is kick in the door, find the control panel box and disable the communicator within 30 seconds – the system has been defeated. Now consider an Alarm.com system with crash and smash protection… Even if the communicator is right out in the open on the first floor, crash and smash protection still works. As soon as the front door is kicked in a signal is sent to Alarm.com to start the crash and smash count down at their end. Now even if you smash the communicator with a few seconds Alarm.com has already been notified and is waiting for the disarm confirmation signal which, when not received, will trigger a crash and smash event within a couple minutes – the system has not been defeated.

          I absolutely agree that hiding the communicator is better than not hiding the communicator and I don’t recommend that people put it on the first floor right out in the open. However, I think an Alarm.com all-on-one unit with crash and smash protection is better than nothing at all. I also think it’s better than a traditional system with no crash and smash protection but a hidden communicator, which is where it seems we disagree. I think we definitely agree that a system with a hidden communicator and crash and smash protection is the best system of all. However, as with anything, homeowners have to make a decision whether the additional cost of the best system is worth it to them. The cost savings of an all-in-one unit installation are significant and the homeowner should be informed by their security designer of the trade-offs so they can make an educated decision on what’s best for them.

          I applaud the level of detail at which you think about this stuff. Do you work in the security industry? If not, maybe you should, you’d be good at it.

          Best Regards,
          Ryan

          reply
          • Dilaney  October 22, 2012

            Hi again Ryan,

            I didn’t say “Crash-and-Smash detection” was “automatic” by just hiding the communicator. I wrote that it becomes “automatic” PROVIDED that you have motion detectors supervising the hidden communicator which do NOT follow the entry delay and which are tripped first, BEFORE the burglar finds the control panel.

            When someone is told that Alarm System “A” has “Crash-and-Smash” detection but that Alarm System “B” doesn’t, what they immediately believe (without it actually being out-right said) is that Alarm System “B” is somehow an inferior product BECAUSE it lacks “Crash-and-Smash” detection.

            What they aren’t told, or able to understand, is that Alarm System “B” COULD be set-up to provide “Crash-and-Smash” detection, but that it MUST be installed and programmed in a very specific way.

            Understanding how alarms actually work, as well as discussing tactics that criminals may use in attempting to defeat security systems, is essential for consumers to understand in order to determine which alarm company is providing a better service.

            There really are no excuses today for a bad alarm system design or installation other than incompetence or complete disregard for the clients’ security by the alarm installing company.

            You’ve already pointed out to your readers how most of the “competition” is still “pumping out” very weak alarm installations on a daily basis. This doesn’t have to be the case.

            These same alarm competitors could IMMEDIATELY provide better security for their clients [with no change in their actual alarm equipment and relatively little additional labor costs] with the simple installation change of hiding the communicator and then programming motion detectors which are supervising the communicator to be ACTIVE during an entry delay. Celullar communicators for alarm transmissions instead of telephone lines also wouldn’t hurt.

            But they’re NOT.

            What does this say about the “other guys” when compared to your company which is taking an alarm.com cellular system [which is VERY secure right out-of-the-box] and then actually IMPROVING it by relocating the communicator away from the front door?

            When I tried to discuss this on other alarm company sites which also have blogs as you do, they didn’t publish my comments! So not only do these “other guys” NOT care about their clients’ security, when someone writes in with a few embarrassing questions, they SUPPRESS the information WITHOUT changing their equipment, misleading publicity or their installation methods!

            Yes, I am in the security industry and just as you are, I’m fed up with how some alarm companies continue to provide questionable installations and/or product and mislead their clients into believing that they have purchased “security”.

            Thanks for your continued efforts in exposing what you and I both know to be the “dirty little secrets” about the alarm industry. If consumers have more knowledge about what constitutes a professional alarm system installation, they’ll be able to tell when they’re being taken for a ride.

            From one professional to another, keep up the great work!

            Dilaney

            P.S. You and I are security designers who inform our clients about the various security options available to them so that they can make an informed decision. The rest are “alarm salespeople” who are pushing product, whether it completely meets the security needs of their clients or NOT. There’s a BIG difference.

          • Ryan Boder  October 24, 2012

            Oh my mistake, I somehow overlooked what you said about having an immediate motion sensor guarding the panel. Yes, I would consider that to be better than Alarm.com’s crash and smash protection because it would send the alarm signal in 30 seconds after the door kick-in as opposed to 2 minutes with crash and smash protection. Do you ever have trouble finding a location to put the communicator where it can be supervised by an immediate motion detector without causing false alarms in stay mode because the homeowner is walking around? I’m not aware of a zone type that would keep the motion detector active during entry delay but have it inactive in stay mode. Does this exist? If so, which panel and what’s the zone type?

            Thanks,
            Ryan

          • CCC  November 18, 2013

            I see the “smash and crash” feature as simply a bogus attempt for company’s to justify selling the CHEAP all in one ( we call them “plug and play”! ) systems. Let’s not kid ourselves…..they are sold simply because they are easy to install…..less labor, less cost, less skill and technical ability required, period.
            The feature only works IF a protected area is breeched. Most of the cheap companys don’t design comprehensive systems in the 1st place. There are so many ways to gain entry into a home and when this is accomplished the all in one system is a sitting duck.
            We put our motions on either instant or follower zones ( if it does not “see” a delay door open THEN it is instant ). Also, contacting interiors door that lead to rooms where the control panel is located….so the system should be designed that the panel can’t be gotten to w/out an alarm occuring.
            Also the back-up battery in those units is a joke….not the heavy duty jell cell variety used with traditional systems.
            The sound of a loud alarm can not be discounted either. Once it kicks off, a crook is not likely to hang around to find out who may hear it. Even if the c & s feature is working, the all in one system can be defeated before it has a chance to sound…..just follow your ears! The beeping entry delay will lead you right o it! Traditional contro panels DON’T BEEP.
            There will always be customers who base their buying decisions on low price. For this reason there will always be a market for the low end security systems.

          • Ryan Boder
            Ryan Boder  November 19, 2013

            Hi CCC,

            No one here is kidding themselves. Yes, all in one systems are designed that way to reduce equipment and labor cost. You don’t think that in itself isn’t a bad thing, do you? I don’t.

            Most of your rant sounds like you’re implying that all in one control panels mean the system is necessarily cheap with big security holes. I don’t think you’re right about that. I agree that all in one systems make it easier to install cheap systems with big security holes. They make it easier to do just about everything, including installing weak security systems. They can also be used to design and install very strong security systems.

            Don’t pretend you can’t install weak traditional wired systems as well. Have you not seen all the Brinks wired cookie cutter systems out there with the control panel in the basement or garage, a few door contacts and a keypad? I’ve done a lot of security assessments over the years and I have seen VERY few traditional alarm systems where I couldn’t find and disable the traditional control panel within the 30 second entry delay. And no, they did not have interior door contacts and instant motions supervising the main control panel. Your designs might have those extra security features built in but you know very well most traditional systems out there don’t. I’m sure you understand that systems based on all in one control panels can use those same ideas to supervise the main control panel. You raise one good point about the control panel beeping but if you’re going for that level of security you can easily disconnect the speaker on the all in one unit and hide it, I’ve seen that done many times.

            You can design a very good security system with a traditional wired control panel and you can design a very good system with an all in one control panel. You can achieve every single security feature of a traditional alarm system with an all in one system if you think it through and don’t box yourself into the traditional security alarm mindset. The all in one controls panels are just better business in many cases. They often meet customer’s needs better than traditional systems do. Either way, crash and smash protection is a valuable feature in both traditional and all in one systems.

      • Dilaney  October 23, 2012

        Hi Ryan,

        You responded to me with: “Same applies if a hole is cut on the front door, motion detectors get them [burglar] and send an immediate alarm”.

        However, in order for a motion detector to “get them”, several things must be carefully considered:

        1 – There MUST be a motion detector “pointed at” the front door communicator keypad. Most installers assume that everything is completely covered by the “Crash-and-Smash” technology built into the keypad and therefore use a motion detector further INSIDE the home, covering more interior space but not supervising the communicator keypad. If there is no motion detector supervising the keypad, a hole cut into the door allows access to it.
        2 – The alarm system MUST be armed in AWAY mode. If there is a motion detector “pointed at the keypad”, then this motion detector is usually inactive in STAY mode when the house is occupied. Otherwise, the homeowners must be instructed how to re-arm certain motion detectors [such as the one at the front door] while they are inside sleeping.
        3 – An additional means of disarming the alarm system from the interior by the homeowners, such as a second keypad in the master bedroom or Smartphone app is required, since an active motion detector is being used to supervise the front door’s communicator keypad [while the homeowners are inside sleeping].

        There are a LOT of points to take into consideration when designing a securtiy system, which the average homeowner [and some installers] cannot even begin to comprehend!

        Yet today “alarm systems” are being sold as “lick-and-stick kits in-a-box” everywhere for self-installation!

        Education is the key, and your readers should now understand and appreciate the HUGE difference in security that is provided by you relocating the main communicator keypad.

        All the best!

        reply
        • Ryan Boder  October 24, 2012

          I agree and I’m impressed. Very good points. Which company do you work for? (if you don’t mind me asking)

          reply
          • Dilaney  October 24, 2012

            I own a small “Mom and Pop” alarm company in Montreal, Quebec (Canada).

            DSC (Digital Security Control) panels have a zone defined as “Option 32 – Instant Stay/Away”. This zone will be bypassed in STAY mode, but will provide an INSTANT alarm in AWAY mode during the entry delay.

            I don’t have issues with clients setting off motion detectors which supervise the panel since this is properly explained to them beforehand. Usually, this type of installation takes advantage of a small, rarely used and locked utility closet which the homeowners don’t go into often to begin with.

            Any alarm system can only work as long as it remains functional. By moving the communicator upstairs into the master bedroom closet, as you do, it increases the odds that an alarm will be transmitted by several motion detectors and/or door contacts on the lower floors before the burglar actually finds the equipment to destroy it.

            Quality of alarm installation is a very, very important consideration when choosing an alarm service provider, which consumers typically only find out about AFTER the fact, if they don’t ask the right questions or are only looking at the lowest prices.

          • Ryan Boder  October 26, 2012

            If you ever feel like moving to Columbus, OH, USA, you have a job offer!

      • john  April 2, 2014

        Hi There,Ihave just recently tested smash and crash alarm.com ,and have found it to take over 4 minutes to report.
        This was confirmed by ADC tech support,watching in while I tested.It was using a Networx panel.Tech stated that
        THREE minutes must pass before signaling an alarm event.Both times I tested this feature took appx.4 min.30 sec.
        I only had a 5 second delay before dial,seems disappointing!

        reply
  6. rive  October 19, 2012

    This is how I would do it. Put a touch pad by front door, put the main panel in another part of house in an area protected by a infared motion with no delay.

    Even if they use the 30-45 seconds to locate main panel, the motion will catch them before they can actually smash the main panel, and alarm it instantly

    reply
    • Dilaney  October 22, 2012

      Hi Rive,

      Thanks for backing up my previous comment.

      Older alarm panels had a problematic security design weakness in that interior motion detectors “followed” the front door’s entry delay. This meant that once a burglar FIRST kicked down the front door which triggered the entry delay, ALL of the interior motion detectors strategically placed around the home would be INACTIVE during the time allotted for the entry delay.

      If the time programmed for the entry delay was 30 seconds, the thief had 30 seconds to locate and destroy the alarm communicator AFTER kicking down the front door.

      This is no longer true with today’s alarm panels. Motion detectors can now be programmed to provide an immediate and instantaneous alarm – even if the front door contact has been kicked in FIRST.

      Of course, this set-up depends upon the alarm installer actually understanding how to design and install the security system properly and then program the motion detectors accordingly. Some installers still “don’t get it”.

      The mistake that I see some installers continue to make today is that they’ll install the main communicator in the basement where any motions detectors that could be used to supervise the alarm panel have been deactived in STAY mode by the homeowners who are inside the house.

      Ryan does understand alarm system design and truly does care about his clients’ security since he has adopted a standard installation practice of relocating the main communicator/keypad away from the front door and placing it upstairs inside the master bedroom closet. This clearly sets Ryan apart from most of the “competition”.

      reply
  7. Jeff  November 5, 2012

    …and actually, I don’t think that moving the keypad is a true protection (as per the discussion after the article). At least with the two keypads I’ve had over the years, the sound eminates from the keypad-the beeping to alert you that you have 30 seconds to disarm the system. That makes a pretty good location system.

    reply
    • Ryan Boder  November 6, 2012

      Hi Jeff,

      The point is that by not placing the main panel right next to the entry door, it would take time for the intruder to locate the panel even if it is beeping. By that time the initial crash-and-smash protection signal has already been sent out, so even if they do destroy the panel they are caught.

      Best Regards,
      Ryan

      reply
  8. Guy  January 6, 2013

    Ryan: Very informative article and even more informative conversation happening here through the comments. Appreciate your time and effort to verbalize your thoughts concerning security. Much appreciated!

    Dilaney: I am looking for a radio monitoring system for my existing alarm system. You seem to have the same passion for security as I do (with a little bit more knowledge than me). Since you are based in Montreal as well. Could you please get in contact with me? I’d like an estimate and a rundown on the technology on how it can be done. I hand assembled and meticulously installed my alarm system using many techniques that were discussed here, _BUT_ I don’t trust my phone line. People say I’m paranoid, but looking at the entry point of my house, cutting it and disabling my system is the easiest thing to do.

    Thanks,

    Guy – frosterg !at@ gmail.com

    reply
  9. Mike  January 20, 2013

    Hello all, I find the back and forth over which panel and which location is better a little amusing, 99.9 percent of all systems installed use the reed switch which is over 70 years old and can easily be defeated with $10.00 worth of equipment. If you really want to get fancy you can buy a stun gun and a cell jammer and render any home security system useless.

    Reed switch defeat with a defeat magnet (use a compass to locate installed magnet)
    Stun gun creates a lightning strike to blow up a panel and or fuse the contacts together.
    Wire cutter to cut phone line and or cable line.
    Cell jammer to jam any radio signal.

    So with less than $500 worth of equipment anyone can defeat any home system.

    Yes I am in the industry for over 25 and all in one systems are worthless at providing real security. I am also a National Industrial Security Systems expert / Department of Defense.

    There many other techniques which I will not publish, but all of the ones I have described above are common knowledge and can also be found on youtube.

    reply
    • Ryan Boder  January 21, 2013

      Hi Mike,

      You are certainly right about defeating reed switches as well as your other methods of attacking a home security alarm, but I don’t think your assertion that all-in-one systems are worthless is a reasonable conclusion. It doesn’t even make sense…

      1) None of the techniques you described have anything to do with “all in one systems” vs traditional “panel in a can systems”. In fact, the stun gun attack you described which works on traditional systems doesn’t work on all-in-one systems because they tend to use wireless sensors and aren’t electrically connected to the main panel so all you would do is fry one sensor, not the whole system. The other 3 attacks apply to all systems, not just all-in-one systems.

      2) Just because reed switches can be defeated doesn’t mean they are useless. Even if they serve no security purpose against an intruder, they still serve to trigger the 30 second entry delay for the homeowner and the interior motion detectors still provide security if they are defeated. If you defeat the reed switch you’ll just get detected by the motion detectors inside the house. Are you familiar with Magnasphere sensors? http://www.magnasphere.com/ They can be used in place of reed switches with any alarm if you prefer.

      3) “Worthless” all-in-one systems are still deterring intruders every day and catching those burglars who aren’t smart enough to defeat them, which is most of them. If one has enough valuables to entice a security expert like yourself to attempt a break-in then perhaps they should invest in a higher end security system. All-in-one systems with reed switches and motion detectors are a good value for the average homeowner.

      Best Regards,
      Ryan

      reply
    • Dilaney  February 11, 2013

      Hi Mike,

      The point of our postings was to show how that the “typical burglar” can get past and defeat a poorly installed alarm system without the need for any of the expensive “tools” which you’ve described.

      You’ve neglected information from my previous posts:

      • A cellular jammer works on cellular signals, not radio frequencies. Our networked radio communicators are not defeated by a cellular jammer. They have multiple pathways to reach the monitoring station, so if one is disrupted, they seek an alternative route.
      • Supervised heartbeats provide notification 24/7 of destroyed alarm equipment. This ensures that if the alarm equipment is destroyed (even by the cleaning staff while the alarm system is disarmed) that the monitoring station will be aware within 6 minutes of the attack.

      Most so-called “professional security systems” that I see by my competition are very poorly installed and I am easily able to defeat them, BEFORE they create any sort of alarm. The homeowners that I have to explain this to are obviously very upset that they paid money for “an alarm system” that I can get past and disable without requiring any special tools.

      I have not yet seen a sophisticated alarm system attack of the nature which you have described. But as I’ve pointed out, a radio communicator with supervised heartbeats will provide notification of a stun-gun attack by a smart crook with $500.00 of techno gear.

      reply
    • rive  April 27, 2013

      No.

      The 2gig systems also have an option to enable detection of rf jamming and cause a trouble (much like tamper causes trouble) (Q65 (1))

      If a 345mhz jammer is used this will immediately put the panel into a trouble state and signal CS (if it doesn’t outright alarm the system, there seems to be much confusion regarding this aspect)

      CS can be directed to treat a jamming trouble as a dispatchable initiating signal

      reply
  10. ObiQuiet  February 23, 2013

    Interesting discussion! Question: What is the typical transmit time for the initial crash & smash signal? 2s? 10s?

    reply
    • Ryan Boder  February 25, 2013

      It’s at least as long as the entry delay with some extra time to allow for signal delays.

      reply
  11. ObiQuiet  February 26, 2013

    Hmm, maybe I wasn’t clear in my question… What I wanted to know was the time that it takes between event #1 and the completion of event #2 from the scenario posted above:

    “1) A crook kicks open the front door.
    2) The system successfully notifies central station that a door is opened and to expect a disarm code soon.
    3) Crook smashes keypad control panel.
    4) Central station determines that the disarm code has not been entered, ”

    (Not the time it takes between #2 and #4.)
    Thanks again!

    reply
    • Ryan Boder  February 26, 2013

      That would depend on the cell tower and signal strength, but 2 seconds is a good estimate for the normal case. 10 seconds is probably possible but I’d think only when the cell tower connection is very bad. When we’ve tested this, albeit with good a good cell signal, it’s been no more than 1 or 2 seconds.

      reply
  12. Bug  March 22, 2013

    Even if the alarm system still works, the delay from getting the police dispatched it at least 2 minutes. With all of your technology or not. Sophisticated or unsophisticated. Factor in travel time for law enforcement. One is rarely caught in a house. Here’s my thoughts. In any alarm situation a burg is in and out in less than 5 minutes. typically 2 minutes. Use any alarm company and any system because it won’t matter…he’s gone in minutes. The fear of what if drives him out. Here’s what works pretty close to 100%.

    You don’t need cellular back up, or alarm.com. Put a sticky note on the keypad with “kids code has been programmed it’s 4567″. Leave it right on the keypad. The burg wil think you’re an idiot and of course use it to disarm. He’s just typed in the duress code. A duress dispatch is highest priority, much higher over a burg so your monitoring station will respond to it faster and higher priority for police so they will respond faster…a lot faster than burg dispatches. We have caught four perps in one year doing this. Four out of four for my company. Don’t waste your money on alarm.com.

    reply
    • Ryan Boder  March 25, 2013

      Hi Bug,

      You have an interesting idea there but I have a few questions. 1) What if he cuts the phone line before breaking in and there is no cell backup? 2) What if the burglar doesn’t fall for it but smashes the panel instead? 3) What if the customer wants instant notifications on their phone, or other Alarm.com benefits?

      Our central station responds very quickly to burg and duress, not slowly like most do.

      reply
  13. LowTech  April 17, 2013

    After reading most of the comments, it appears to me that the whole solution to the Crash and Smash scenario is to get rid of the exit / entry delay completely and have all alarm systems Armed/Disarmed by Keyfobs from outside of Homes/Businesses. For some Businesses, it might be a bit more difficult to implement when you have a “large” number of individuals with the ability to Arm/Disarm the System or when you have Cleaning Crews that need access to the premises after hours. We use Keyfobs at our residence and we have an Ademco VISTA 20P System, with one delay Exit/Entry Front Door and the Panel is very visible in the Utility room of a single level residence (Plan to conceal in a wooden cabinet).

    After reading the above comments, I’m inclined to get rid of the delay on this door altogether, although all home burglaries I have seen in our City, the burglars have used the doors/windows at the rear of the property. The Front Door is very close to the Street (very visible) and you have to go through a secondary locked door before you are completely inside the residence.

    For an Ademco Panel, what other methods are available to prevent Crash & Smash for a Panel located in an easy accessible room?

    reply
    • Ryan Boder  April 17, 2013

      Hi LowTech,

      You’re right, disabling the entry delay all together and disarming from outside is absolutely the most secure way to do it. However, using keyfobs creates a security risk because if someone steals your keyfob then they can disarm your system without knowing your code. The most secure way to do it is to use an interactive system like Alarm.com and disarm from outside with the app. Make sure the app requires you to punch in a code so that way you’re still requiring a code but there’s no entry delay on the doors.

      One way to solve your problem is to protect the panel with a motion detector that’s programmed as an immediate or perimeter sensor. Or put the panel in a closet or cabinet with a contact on the door that’s programmed as immediate or perimeter. Just make sure there’s no way to reach the panel or the communication path without tripping that sensor first, and use a communication method that’s fast – i.e. use cellular or IP, not land line phone.

      Best Regards,
      Ryan

      reply
  14. John2  August 6, 2013

    Most people I know have internet service at home, either DSL or cable. If your panel sends a short “I’m alive” packet to a remote server every 5 seconds, all the time, 24/7 it would not take much bandwidth. If that ever cuts off, landline and cellphone calls or other automatic checks could be done quickly, and escalated as appropriate. Now of course this is not practical if your internet is not reliable under normal circumstances, when burglers with wire snippers and hammers aren’t around. But my own connectivity experience has been good. Once it was setup, in all three places I’ve lived in the last 15 years, my internet (DSL) was working 24/7 except for rare local power outages, and maybe 1x per year provider downtime for a few hours. One year, I had a device uploading data to remote host about every 30 seconds, and my logs had the full year of data except for those few hours. Note I am talking here about a wired ethernet LAN. I agree that wireless (wifi) links are not very reliable, but that is another issue.

    reply
  15. Jon  August 13, 2013

    I’m a homeowner that bought an alarm system sold by a door-to-door salesman. I didn’t start thinking about ways the alarm could be defeated until after I signed up for a 3 year agreement. I hadn’t heard the term, ‘crash and smash,’ but when I read the alarm manual where it talks about the 15+ second delay between when the actual alarm sounds and the time that the gsm modem contacts the alarm company, I was ‘alarmed,’ to say the least. I put two and two together, and then did a few Google searches, and found out about Alarm.com, and read the description of ‘crash and smash.’ I realized that I bought an over-priced remotely-monitored fire alarm with fake burglar protection included. How was I supposed to know, though? I assumed the ‘security consultant’ knew at least a little about what he was selling. The installers even put the all-in-one unit right in front of my leaded-glass front entry door. (Next time, I will do the research first, and then sign the contract)

    Now, 3 years later, I’m going to install a new system myself, and it will be much more secure thanks to your blog and others like it.

    Thanks for some excellent posts.

    –Jon

    reply
    • Ryan Boder  August 14, 2013

      Hi Jon,

      It sounds like you’re already way ahead of most consumers on this stuff. Thanks for the positive feedback!

      Ryan

      reply
  16. Paul  September 23, 2013

    Really enjoyed reading the article and all of these comments, even though I have absolutely no experience of installing any kind of alarm system. I do, however, have a great deal of experience with computers and computer networks and enjoy logic puzzles which is exactly what alarm system designs are in a way. I have always wondered why alarm systems do not make more of some simple logic to determine whether a burglary is taking place or not. By which I mean: Suppose you have an array of sensors all over a house. The owner would know where the control panel was but not a burglar (usually). So the owner would have say 30 seconds to get from the front door to a cupboard in the master bedroom and switch off the alarm. If there is any deviation from a preprogrammed path, such as somebody enters the guest bedroom or a bathroom, rather than the master bedroom in that 30 seconds the alarm will be triggered. Also to eliminate the idea that the beep from the main box would lead a burglar to the panel, why not simply deploy false beepers or put the beeper away from the main panel?

    reply
    • Ryan Boder  September 24, 2013

      Hi Paul, interesting idea about using motion sensors to monitor the path you walk to the panel. I haven’t heard of that being tried. As for false beepers, secondary keypads do just that. They beep just like the main panel and they also allow you to disarm directly through them. Some systems do place the beeper away from the main panel. It’s the all-in-one units that have the main panel with the beeper built in. All-in-one units are designed that way mainly for low cost, ease of use and installation. They use a different approach, crash and smash protection or advanced protection logic to solve the crash and smash attack problem.

      reply
  17. Mike  October 28, 2013

    Ryan,

    is it possible to defeat a cellular panel with a cell blocker? For example office arms system friday night, no signals until panel is disarmed noon saturday by the cleaners. Office has been trashed, equipment stolen. Office calls in, system is tested and walk test avticates all sensors all the path of entry into the office and back out again.

    reply
    • Ryan Boder  October 28, 2013

      Hi Mike,

      It’s possible to block the signal but as far as I know with 2GIG Alarm.com systems it’s not possible to do so undetected. The panel knows if the cell phone signal is being blocked which triggers an alarm, as would the actual break-in. As soon as the channel is clear again it would report that to the central station. You would be notified and the panel would be in alarm state when the cleaning crew arrives.

      Best Regards,
      Ryan

      reply
      • dose it matter  January 23, 2014

        There’s no way to safe fairs you home from a burgled if your not there.point blank. It’s a hard pill to swallow but t rue

        reply
        • Ryan Boder
          Ryan Boder  January 23, 2014

          Your logic is sound… as is your spelling and grammar.

          reply
  18. dose it matter  January 23, 2014

    If there is any delay the system compromised. Point blank.all a burgled needs is 30 seconds any more then he should get a new occupation.

    reply
    • Ryan Boder
      Ryan Boder  January 23, 2014

      I’d rather have a burglar forced to leave within 30 seconds than giving him hours to clean out the whole house!

      reply
  19. Joao  January 28, 2014

    I would rather see alarm system with DSL/ Fiber/ Cable/ Satellite connection (using several LAN exits for backup) as primary circuit communicating every second with central station saying “every thing fine here”… and if their is any problem should be able to use any additional connection (sometimes a thief can disable main DSL line a leave cable internet alone), after all land lines are found inaccessible, should then switch to 5G (in near future) / 4G/ 3G/ GPRS Internet Connection… and report the problem with the fixed landline, while keeping sending signals saying “every thing else is fine here”… and both fixed lines and mobile internet are both unavailable should switch to two-way long distance radio communication mesh network informing that both landline and mobile Internet are not working (jamming?) but still everything fine here… and keep sending signals all the seconds or maximum at 5 seconds intervals… if nothing is received at central alarm centre either a meteor/ hurricane/ tsunami crashed the entire area or someone is blocking the signals and should respond as a real alarm.

    All this communications always using really good encryption and authentication, above industry standard… like using 512 bits all around protection for more then say 30 years of protection using the same technology (say: threefish-512, SHA3-1024 bits, NTRUSign with the appropriate strength to 512 bits of security, and some sort of always changing secrete code technology that offers forward secrecy (something equivalent to DHE, but appropriated to 512 bits of real security)… you get the idea.

    So with this, it goes out of the windows almost any possibility do disable, interfere or jam the main central in the house since any attempts to block the outgoing signals will only add much higher probability that it is being made on purpose to block the alarm system connection to monitoring alarm station… even if the system is disable (but still enable and ready to be activated)… the signal is being sent, so disabling the online communication at any moment of the usage (away, home, disable….) will always have a response. Of course should be available a option to test the local alarm system components so that user is sure everything is working properly… but without activating remote central alarm response (should enter the code locally in a display that presents a always changing position keyboard and that can’t be viewed outside a certain angle, and not communicate it over voice… to avoid microphone’s listening that special code).

    To protect the outside siren with the flash light: “SECURITY ALERT ALARM BELL BOX PROTECTION GALVANIZED BLACK CAGE” (can be find on Amazon)should do the trick… the box can also have tamper switch adapted to it to make it even more difficult then removing some security screws.
    To protect the main alarm system that receives and send the information you can probably install a Wall-Mount Plastic Enclosures with the back part remove in order to allow fixing the steel case of the main alarm system to the wall directly… or drill a hole in the plastic enclosure to let the screws to be attached to the wall… as long a hammer can not rip everything out… is good to go… and if the system produces heat and moisture you can add small fans below and something to absorb the moisture. This should better protect the main steel case and the outside 5G/ 4G/ 3G/ GPRS antena… and allow communication to happen while it protects it from the view.
    You can call it something unsuspecting like “TV signal distribution equipment”, “Home automation floor distribution equipment”, or any thing else you can remember… or nothing at all. The front part should have at least two of the four, different security screws, to make it more time consuming to remove them. The interior should not emit any sound to make it more difficult to recognise as the place where it’s the main unit.

    Of course if it is a small alarm company monitoring it, people can still be bribed/ someone kidnapped that they love… to ignore the alarm signal… and since most are not well paid chances are some of them will accept. The same can happen with the private guard company personal that response to the alarm signal… many times they will accept bribes since are very badly paid… and they just have to say that everything seems ok and go away… even if they are seeing the thief inside… most people that have alarms also have insurance policy, so not even them will be seriously harmed. The same with the police, but this is generally much harder to happen.

    reply
    • Ryan Boder
      Ryan Boder  January 29, 2014

      What you just described would be a fantastic security alarm system. Expensive, but hard core.

      reply
      • Joao  January 29, 2014

        The most expensive would be having Fiber optic, DSL, Cable, and Internet Satellite simultaneous connections… by the owner… normally the “GSM” (5G (future), 4G, 3G, GPRS) is included in the price (but even if not, is not that expensive), and mesh network will cost a lot to a nation wide company, but not that much to a small station that monitors mainly regional alarms.

        But if the person is a wealthy one, and takes its security very seriously (life risk or very high risk of thief’s coming for example), it may want to take all this precautions… and if the main alarm center knows that local alarm have 3 main lines, GSM backup, and mesh network… and nothing is communicating… is almost sure something is wrong! (Maintenance, backup battery failures… should be report with some advance in time).

        The only think I forget: backup battery should support everything for at least 7 days… probably means a bigger box to put bigger battery’s (hopefully with NATO’s/ military kind of standard… to last many years without any problem). So even if some thief cut the energy (in a holidays house somewhere), people will still be protected and have time to go their or call anyone to go their and solve the electricity problem.

        reply
  20. Riley  March 9, 2014

    since technology is advancing so much today couldn’t a burglar just cut the lines from outside and plug the phone line into a computer sending that “Ok signal” to the security system provider so no alarm trips in that 1 to 4 second time frame and they don’t get caught?

    reply
    • Ryan Boder
      Ryan Boder  March 10, 2014

      Alarm.com communicates via cellular towers, not the land line telephone. There is no line to cut and transmit through. What you’re describing is known as a “man in the middle” attack. It would be fairly simple to do that with a land line telephone alarm system using unencrypted communication but it would also be unnecessary because there is no crash and smash protection with land line alarm systems anyway. Doing that with an Alarm.com cellular system would be prohibitively difficult and absolutely not worth doing for the kind of extremely sophisticated hacker it would take to even have a chance of succeeding at this. If, for example, the Bellagio Hotel were using a simple Alarm.com system to protect their vaults then it might be work trying. Until the crew from Oceans 11 is trying to get into your house, Alarm.com’s crash and smash protection is sufficient for you.

      reply
      • randy  June 6, 2014

        if a separate relay were used using the phone line power and wired into the system correctly, it could trigger an alarm easily, if the line was cut outside.

        reply
  21. Professonal Installer  April 22, 2014

    We do not install many of these self contained systems and would only do so in a rental apartment, they are crap. We install Napco, Honeywell but mostly ELK. We always remote our cell backups and invert a trip, and set it up as silent alarm DO NOT VERIFY. No system set up like this will be crashed and smashed. REMOTE THE GSM AND INVERT THE TRIP !!! Don’t install crap and you won’t be a crappy company !!!

    reply
    • Ryan Boder
      Ryan Boder  April 22, 2014

      Oh come on… tell me what you really think. ;)

      reply
  22. Andro  April 24, 2014

    Ryan,

    RE: Crash & Smash

    Two questions:
    1) In a crash & smash case, is it the keypad or the control box that an intruder will smash to disable the alarm system?
    2) Will an external hardwired alarm bell continue to function once the intruder destroys the control box/keypad?

    Thanks!

    reply
    • Ryan Boder
      Ryan Boder  April 25, 2014

      It’s the control box/panel or the communicator they will smash. If it’s an all-in-one unit then the control panel is also a keypad so it can be both at the same time. I contend that while all-in-one units get criticized by traditional security alarm guys because they make noise and potentially draw the bad guy to the control panel, that’s not a valid criticism because:

      1) If you look at almost all the traditional alarm systems installed the control panel is in a location that any burglar can easily find within 30 seconds so the control panel is just as vulnerable to crash and smash attacks but they don’t have crash and smash protection like Alarm.com systems do.

      2) Yes, with enough effort you can install a traditional system so the control panel is very hard to find – making it less vulnerable to crash and smash attacks. Likewise, you can also disable the sounder on an all-in-one unit, install it in a hidden location and then use a wireless keypad such as the 2GIG TS1 for day to day use in the open. It costs a little more this way but it also costs more to install a wired system in a well hidden location because it’s more difficult to run the wires to an obscure location and install/service the panel there. You need more skilled technicians for that and they have to spend more time.

      It all comes down to money. Is the customer willing to spend a little more money on design and labor to have a more secure system or are they just going to buy the cheapest. For the 80-90% of the population out there who will just buy the cheapest, which means a quick and dirty install, they’re better off using an all-in-one unit with crash and smash protection than they are a traditional system without crash and smash protection.

      To your second question, no, sirens will generally stop working as soon as the control panel is smashed. It’s possible to design a system so that’s not the case but most people aren’t willing to spend the extra money on hardware and installer intelligence to make that happen.

      reply
  23. randy  June 6, 2014

    i stopped reading these threads about a quarter way through. i’m not an alarm tech, i just fiddle with them on properties where i work. i’m just a maintenance tech for apartment communities. a supervisor. first, upon new construction, the boxes should be mounted in the wall. this helps prevent cutting of wires. second, field installed systems could be easily partitioned and use an IR beam or motion sensor at the box area. attic installs are dumb. heat is a computers worst enemy. if there are one or more IR beams or motion sensors placed on the way to the box, would this not trip the alarm during count down if the code had not been entered? how about alarming the door to the box location area? second or third partition out the part of the home where the box is located. sensors would set of instant alarms. where i work, the fitness center and the office area use one alarm box and each area is partitioned off on it’s own alarm code and sensors. when entering the office area, if you don’t put in the code for the fitness center and open the door between the office and the center, the IR/motion sensor on the opposite wall nails you and turns on the instant alarm. the box is located in a locked storage room away from the office. the separation of the two areas are needed as the office closes earlier and the fitness center remains open until its later closing time. that’s my input, right or wrong. i’m not an alarm specialist, but, i do like to tinker. i have repaired, reprogrammed, programmed, and installed a few units myself and only have issues with the programming. i miss one or two little sections once in a while. i find following the instructions in the box or pulling up manufacturers info online are the usual problem. i look online for more down to earth explanations and how to’s. it seems they tell you to do it one way and it should have been another. i just replaced a unit in the office area and the instructions said nothing about changing an item in code 013 other than the TLM. gave me problems for a while until i found better info on line. now she works great. my next challenge will be hooking it up to the computers so the owner at home in another city can monitor who comes and goes. i have the hardware, just not the time right now.

    reply
  24. JMLapointe  June 20, 2014

    I have a wired system now but would like to add some wireless components. I hesitate, however, because I’m concerned someone can just mess with the RF signal. Isn’t that possible? So if someone uses a device to scramble the signal then the “open door” or “broken glass” signal won’t be received. Is that correct? I can’t seem to find a yes or no answer online.

    reply
    • Ryan Boder
      Ryan Boder  June 26, 2014

      If 2GIG has done their job right then messing with the signal would result in a tamper alert on that sensor.

      reply
  25. darius  August 3, 2014

    This is still trivial to defeat once you understand how they work. Power on your gsm, cdma, tdma, etc cellphone scrambler (not difficult to obtain or incredibly expensive) to take out the wireless monitoring component at the same time you cut / disconnect the homerun line which is typically available at the nid. Then kick in the door and find the box at your leisure since the siren will almost always get shutdown once the panel is destroyed. And neighbors will almost never take a second look at a house if the alarm goes off within a short period of time. Alternatively I’ve found that a number of panels can be shorted out by supplying the right “high voltage” to it via the landline (assuming there is one).

    Alarm systems are simply easy to defeat if you do any research into them. I work in the security industry and have done a number of physical audits and it’s pretty much a joke every time.

    reply
    • Ryan Boder
      Ryan Boder  August 4, 2014

      What you described is not trivial for most people, especially typical burglars. With your logic door locks are even a bigger joke because all you need is a drill to defeat them, or better yet, your foot – if you just kick in the door. Do you still use door locks on your house despite the fact that they’re so easy to defeat? The percentage of burglars who can outsmart a modern, well designed security alarm is small. Alarms are also an effective deterrent because why risk trying to outsmart an alarm when you can just break into a house that doesn’t have one? Alarm.com has now added IP as an additional communication path to make it even more robust.

      reply
      • li  September 26, 2014

        Hi, I’m having an issue with my adt which no one seems to be able to help me with or even believe that it’s happening.
        Someone is coming into my home and evading my adt system and adt pulse. Never find clips of him when he comes inside my front door and my alarm history shows nothing. Windows are secure. No other entry into my home. He’s in the military and I don’t know what kind of technology he has access to. But how is he not being caught on camera? How is there no history of him logging into my pulse account to delete clips. I read online about devices that can evade adt. Is that the explanation?
        Thanks very much!

        reply
  26. ELVIS  November 16, 2014

    HI RYAN….If they cut the phone wires before the burglary,will it still send the signal? even tho it has the smash and crash …

    reply
    • Ryan Boder
      Ryan Boder  November 16, 2014

      Yes, it would send the signal via cellular.

      reply
  27. ELVIS  November 16, 2014

    MY father store was burglaries by covering the motion sensor,even tho the police went to the seen and found no force of entry…Will ur alarm system determine that?. Nowing there is something wrong with the sensor.

    reply
    • Ryan Boder
      Ryan Boder  November 16, 2014

      You should install motion sensors in locations where an intruder would be detected before they can reach them. What were they covered with?

      reply

Add a Comment