by rubidium 3777 days ago
In general, people are not going to get rid of systems. SimpliSafe is $15 a month after equipment. For some, it's the only security system they can afford, or it's as much as they want to spend on it (disclaimer: me).

So one way you can help their security is

1) Don't publicize easy-to-follow, step-by-step ways of how to do this. There's a big difference between disclosing a security issue and giving non-technical people an easy way to bypass a security system. The fact that a security weakness is known and publicized doesn't help xx% of thieves who don't have the resources to implement it. It does help the aware customer to make changes to their security and demand a fix from the vendor.

2) Responsibly disclosing to SimpliSafe like the linked post did is best. If they don't respond, then post what you were able to do in a similar manner. Going through IOActive would be a great idea as they're familiar with this process.

2 comments

1 sounds like security by obscurity, and it sounds like preventing information from being made public knowledge that should impact customers' choices and might lead to better locking down the system. While the ideal rational consumer would be just as impacted by a standard disclosure, I've never met an ideal rational consumer. People will be much more aware if you can show them a web page that gives a step-by-step guide on how to destroy their security system.

To give a comparison, consider all the NSA spying leaks and then consider that show host (John Oliver I believe) who went around asking people questions in a way that made them much more informed of what the implications of spying were, and in doing so changed their reaction.

To be clear: I don't think you need to disclose any vulnerabilities. Just talk about the process you used to reverse the protocol.