Garage door security

Tarheelpilot

Final Approach
Joined
Dec 5, 2010
Messages
7,507
Location
North Carolina once again.
Display Name

Display name:
Tarheelpilot
So ... all you smart IT/systems folks. My garage door imploded last week. The replacement opener from lift master has WiFi connectivity to allow remote operation and monitoring.

is it secure or an open door to thieves?
 
Real world, most of the subhumans that would be trying to rip you off are far to stupid/lazy to hack the system.

If somehow you got on someone’s radar that has the ability or tenacity to hack the WiFi and means you harm, that door is the last of your worries.
 
I use it. Its cool and no security issues that I’ve found.

Same here. Cool app and works great and quickly. Ever drive away wondering if you closed the door? No worries, the app will tell you. Reasonably good security on the app as well.
 
The garage door itself is one of the less secure entry points unless you remove the emergency disconnect cord and handle. So far I haven’t seen any stories of attacks against the WiFi equipped openers. They do have an advantage if you park outside the garage and only use your phone as an opener, you now have no opener in the car to break in and steal to gain access to the house.
 
If it uses “the cloud”, it’ll get hacked eventually.

Still better than people who have vehicles parked outside with garage clickers hanging from the visor. LOL.

And as others have mentioned, attacks on the emergency pull are usually easy.

And your house probably has ground floor windows without bars or film reinforcement anyway. Especially those long ones next to many front doors. Thieves love those.

So it’s not a huge deal. Not truly 100% secure, but way better than your biggest problem or easiest way in. :)

The best setups “security”-wise are DIY and don’t talk to “the cloud” ever, but then you need your own server for them to talk to, and stuff... to get an app to the cellular network/internet.
 
They do have an advantage if you park outside the garage and only use your phone as an opener, you now have no opener in the car to break in and steal to gain access to the house.
Perhaps I'm being unimaginative, but why keep an opener in the car if you don't park it inside the garage?
 
Real world, most of the subhumans that would be trying to rip you off are far to stupid/lazy to hack the system.

If somehow you got on someone’s radar that has the ability or tenacity to hack the WiFi and means you harm, that door is the last of your worries.


^^^This! :)


If its just Wifi, I believe its all going to depend on your network security. Do you broadcast your SSID, is your passcode sufficiently strong? Do you use the WPA2 or WPA3 security protocols? Have you taken steps to identify and limit your wifi to known devices?

And, as others have said, if it is a connected "smart" device that talks to Alexa, or allows you to open your garage door from anywhere in the world, chances are sooner or later, like your social security number and all your other personal info, its gonna end up compromised.
 
Last edited:
Honestly, if a burglar wants in the house there are probably easier ways. Locked doors and windows only deter a theft of opportunity, a pro will get in. That's where it pays to have security systems and other measures in place.
 
Perhaps I'm being unimaginative, but why keep an opener in the car if you don't park it inside the garage?

Many people enter through their garage.

Or they just program the built in opener in the car in all their cars but don’t it can’t park all of them inside.
 
Real world, most of the subhumans that would be trying to rip you off are far to stupid/lazy to hack the system.

If somehow you got on someone’s radar that has the ability or tenacity to hack the WiFi and means you harm, that door is the last of your worries.

Actually they’re smart. They’ll just pop a window. Or bump key the front door. Why waste time? The typical household Kwikset or Schlage is a three second bump to open. Especially the electronic ones. Super cheap cores and five non-security pins. Bump. Open.

There’s a pretty good video of a house thief who was doing time who had done hundreds of houses and was atoning for his sins by making a video to show the parole board — he never did anything fancy, and he hit houses with alarms all the time. All he had to do was get in and out quickly with easily pawned items. He would pretend to be a jogger and case the neighborhood for a week, then hit a bunch of houses at once and move on. His favorite were those long windows next to big grand front doors. Easy to pop, quiet, could look like a delivery guy to be on the front porch, once popped didn’t look popped from casual glances from the street, squeeze thru and let yourself out whatever door when finished. He wasn’t worried about dogs either. Said dogs that barked all the time were even better. Everyone already was trained to ignore them.

No point hacking the WiFi. The garage door company surely doesn’t have the best and brightest server security folks out there. They don’t pay anywhere near what finance and other companies do that need server security. Go after the “cloud” server. Way easier.

But the hackers interested in messing with the garage door company usually aren’t doing it to break into a house. They’re doing it for larger scale mayhem and kicks.

What you should really do is hire “Wag!” to walk your dog and use one of their key boxes! LOL. Kidding. LPL is fun... and most locks are garbage... literal garbage...

 
Many people enter through their garage.
Many garages have a pedestrian door.
Or they just program the built in opener in the car in all their cars but don’t it can’t park all of them inside.
Fair point. But doesn't the built-in opener require the ignition to be on or in ACC mode?
 
Haha. He just released another quickie with three cheap padlocks. Fun. One second each.

 
Do you broadcast your SSID

[edit]
What I have written here is not quite right but the sense of it is correct.

https://en.wikipedia.org/wiki/Network_cloaking
[/edit]

Just a small point, unless it has changed over the last few years all WiFi Access Points always broadcast the SSID.

If you tell the AP to not send the SSID (I forget the jargon right now) it then only sends one copy instead of two. All you need to see the SSID in any case is a packet capture setup. This is pretty trivial to set up and is cheap or free. Winpcap and Wireshark if you happen to have a suitable WiFi card and many are suitable.

My understanding is that turning off the visible SSID also messes with channel selection by other APs, so you are more likely to get tramped on by your neighbours.

I never do it now.
 
Last edited:
Fair point. But doesn't the built-in opener require the ignition to be on or in ACC mode?

Most don’t. They want you to be able to open the door from the inside before you start the vehicle. Or reach in and use it to get the lawnmower out in summer without walking to the wall button.

Some are so cheesy they’re built into mirrors or just a module that pops into the overhead. They’re often just the same inside as the ones that come with the opener, just have a 12V always on wire to them and are in a plastic housing the car maker just popped into the trim.

They’re more about convenience than security.
 
I never do it now.

You’re correct. Hiding the SSID is useless these days — if it was ever useful — and actually can cause problems.

Plus these garage door things don’t usually have any sort of unencrypted method to talk to them nor do they talk unencrypted to their mother ship, so someone getting on your WiFi really gains nothing if they’re going after them.

You’re probably more at some sort of risk letting the garage door company see the rest of your network than from hackers wanting to get to the garage door. :)
 
The biggest issue now with non broadcast SSID is that instead of constantly advertising it at your house, you are now walking around with smartphones or tablets that are rarely really off, so they constantly ask If the configured non broadcast SSID is there, giving that much more surface to track your device and in turn you. And it stands out as different, possibly raising the question of why you are different, and making you a more interesting target.

As for remotes in cars not parked in the garage, using it for entry is really common for rear entry garages, especially if you keep your back yard gates locked. Heck our HOA used the addition of a person door to a garage as the major evidence in a lawsuit claiming an owner was subleasing the garage in violation of the covenants.
 
Hiding the SSID is useless these days — if it was ever useful — and actually can cause problems.
With the stock Netgear firmware, the only way to disable WPS is to turn off SSID broadcast. {DD-, Open}WRT support can't come soon enough on my model. :mad:
 
So ... all you smart IT/systems folks. My garage door imploded last week. The replacement opener from lift master has WiFi connectivity to allow remote operation and monitoring.

is it secure or an open door to thieves?

It's "secure enough". It's a helluva lot more secure than someone leaving the door open by accident... If your Liftmaster is like mine, it has auto-close that you can set to 1, 5, or 15 minutes in addition to the remote connectivity, which I frequently use to double-check the doors, let someone in when I'm not there, or put my tractor away when I'm done mowing or snowblowing.
 
I have a simple remote controlled switch bought at Home Depot into which my garage door opener is plugged. At night I simply turn off the power to the opener. Someone is home 99% of the day so that isn't a problem.
 
is it secure or an open door to thieves?
IF a thief wants in, they are going to get in and its unlikely they will bother trying to figure out what kind of garage door opener you have in order to do it.
 
Locks keep honest people out. Nobody is going to waste time hacking your garage door if they want in you house. I breaking a window takes seconds. Breaking in a window takes seconds. Picking a standard house lock takes seconds.
 
so they constantly ask If the configured non broadcast SSID is there,

That's very interesting - It hadn't occurred to me to consider how a connection could be established when there was no SSID broadcast.

The breadth of possible attacks available is breathtaking.

Here is my favourite - Use social engineering to get a significant number of employees of a company to visit your website. That site contains a link to an embedded image, but a "file" URL (I think it must be). Windows then very HELPFULLY includes your user ID and password hash in the request in case it is required for the site.

Password hashes can often be attacked successfully offline and you may get an admin password or access to OWA (corporate email) or something.

Of course a conscientious Corporate will have the relevant ports blocked in the firewall - won't they, and everyone will use long non-guessable passwords?

Thanks.
 
Of course a conscientious Corporate will have the relevant ports blocked in the firewall - won't they, and everyone will use long non-guessable passwords.

Bwahahahahahahahaha! You crack me up.

And companies hire staff who know how computers work and provide high quality training in same, too. ;)

Oh wait. Companies also hire someone who passed Security+ and think they got a seasoned security professional... LOL!
 
Don't worry. wifi garage door opener is reliable. I have one, but not lift master. Cheaper than it, and works well so far.
 
So ... all you smart IT/systems folks. My garage door imploded last week. The replacement opener from lift master has WiFi connectivity to allow remote operation and monitoring.

is it secure or an open door to thieves?

Dunno. I open mine when I want it opened and I close it when I want it closed. There’s the button on the wall in the garage and the remote thingy in the car with a button. How WiFi figures into the equation, I dunno. But I guess it can be an issue. Voices in my head say, unless you think you have some reason to open and close it from your computer or phone, then don’t activate that feature.
 
Last edited:
If your garage door gets breached, it is by a drug addict with a wire hanger who is looking for some tools he can fence at the pawn shop. It's not by some russian hacker who camps out in your driveway until he can crack the security settings of your WiFi router.
 
Last edited:
If your garage door gets breached, it is by a drug addict with a wire hanger who is looking for some tools he can fence at the pawn shop.
Where can I get a Harbor Freight sticker for my garage door?
 
Back
Top