| Recurring |
multiple_organization |
(a) The software failure incident related to the vulnerability of wireless burglar alarms being susceptible to jamming attacks has been highlighted in the article. The Mail on Sunday investigation revealed how criminals could easily deactivate wireless burglar alarms using a hacking gadget purchased from Amazon. Ken Munro, founder of Pen Test Partners, mentioned that this issue is not confined to a specific brand and that many wireless burglar alarms work in a similar vulnerable way. He suggested that manufacturers should upgrade their security to prevent such attacks [61304].
(b) The article also mentions that the vulnerability of wireless burglar alarms to jamming attacks is not limited to a specific brand or organization. Ken Munro stated that it is likely that tens of thousands of wireless burglar alarms in people's homes are susceptible to this kind of attack. This indicates that the issue of wireless burglar alarms being vulnerable to jamming attacks is a widespread concern across multiple organizations that manufacture such alarm systems [61304]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where criminals were able to switch off burglar alarm systems using a hacking gadget called YARD Stick One. This gadget exploited a vulnerability in the design of wireless burglar alarms, allowing thieves to jam the signal from battery-powered sensors and deactivate the alarms within seconds [61304].
(b) The software failure incident related to the operation phase is evident in the article where the Mail on Sunday conducted tests using the YARD Stick One to jam a miGuard Wi-Fi alarm system. The alarm system, designed for operation by customers using a remote control or smartphone app, failed to sound the alarm or send a notification when jammed, highlighting a failure in the operational effectiveness of the system [61304]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident in this case falls under the within_system category. The failure occurred due to a vulnerability within the wireless burglar alarm system itself, specifically related to how the system's sensors communicate wirelessly and how they can be easily jammed using a hacking gadget like the YARD Stick One. This vulnerability allowed criminals to deactivate the alarm system without triggering the siren or sending notifications, ultimately compromising the security of the system [61304].
(b) outside_system: The contributing factors that originate from outside the system in this incident include the availability of hacking gadgets like the YARD Stick One, which are sold on platforms like Amazon. The ease of access to such devices from external sources enables criminals to exploit vulnerabilities within the system, highlighting the importance of considering external threats when designing and implementing security measures for software systems [61304]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident related to non-human actions in this case is the vulnerability of wireless burglar alarms to being deactivated by a hacking gadget called YARD Stick One. Criminals can exploit this vulnerability by jamming the signal from battery-powered sensors, allowing them to discreetly gain entry into homes [61304].
(b) The software failure incident related to human actions involves the purchase and testing of the YARD Stick One hacking gadget by The Mail on Sunday to demonstrate how easily wireless burglar alarms can be deactivated. The testing involved using the gadget to jam the miGuard alarm system, preventing it from sounding the alarm or sending notifications as intended [61304]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The article discusses a software failure incident where criminals were able to switch off burglar alarm systems using a hacking gadget called YARD Stick One [61304].
- The YARD Stick One is a hand-held USB stick with a small antenna that plugs into a laptop, indicating a hardware component involved in the failure [61304].
- The device jammed the signal from battery-powered sensors in the home, which would otherwise sound a siren, allowing criminals to gain entry [61304].
- The failure was enabled by the hardware component of the YARD Stick One, which interfered with the wireless signals of the alarm system [61304].
(b) The software failure incident related to software:
- The software failure incident involved the use of a software script easily found and downloaded from the internet to jam the alarm system in moments [61304].
- The criminals were able to jam the alarm system by using a software script in conjunction with the YARD Stick One hardware device [61304].
- The article mentions that the YARD Stick One gives wireless security researchers the ability to investigate weaknesses in digital radio systems, including burglar alarms, indicating a software aspect to the failure [61304]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. Criminals are using a hacking gadget called YARD Stick One to deactivate wireless burglar alarms by jamming the signal from battery-powered sensors, allowing them to discreetly gain entry into homes [61304]. The criminals are intentionally using this device to bypass security systems and commit theft, indicating a malicious intent behind the software failure incident. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
The software failure incident described in the article is related to poor_decisions. The incident involves a hacking gadget called YARD Stick One being sold on Amazon, which allows criminals to easily deactivate wireless burglar alarms by jamming the signal from battery-powered sensors. This vulnerability in the alarm systems is due to the design and implementation choices made by manufacturers, making them susceptible to attacks [61304]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the article as criminals were able to exploit a vulnerability in wireless burglar alarm systems using a hacking gadget purchased from Amazon. The criminals could deactivate the alarms by jamming the signal from battery-powered sensors, allowing them to gain entry without triggering the alarm system [61304].
(b) The software failure incident related to accidental factors is seen in the article where the Mail on Sunday purchased the YARD Stick One hacking gadget from Amazon and tested it on a £149.99 ERA miGuard Wi-Fi alarm system. By using a computer code script easily found and downloaded from the internet, the alarm system was jammed accidentally, leading to its failure to sound the alarm or send notifications as intended [61304]. |
| Duration |
temporary |
The software failure incident described in the article is temporary. The failure occurred due to the use of a hacking gadget called YARD Stick One, which allowed criminals to jam wireless burglar alarms, deactivating them within seconds [61304]. This incident was temporary as it was caused by the specific circumstance of using the hacking device to jam the alarm system, rather than being a permanent failure inherent to the software itself. |
| Behaviour |
omission, value, other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions [61304].
(b) omission: The software failure incident involves an omission where the system omits to perform its intended functions at an instance(s). Criminals were able to deactivate wireless burglar alarms within seconds by jamming the signal from battery-powered sensors, preventing the alarm from sounding and sending notifications as intended [61304].
(c) timing: The software failure incident is not related to timing issues where the system performs its intended functions correctly but too late or too early [61304].
(d) value: The software failure incident does involve a value failure where the system performs its intended functions incorrectly. The burglars were able to disable the alarm system, allowing them to gain entry without triggering the alarm or sending notifications to the homeowner as expected [61304].
(e) byzantine: The software failure incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions [61304].
(f) other: The software failure incident involves a security vulnerability where criminals can exploit the system to disable burglar alarms, highlighting a critical flaw in the system's design and implementation [61304]. |