New vulnerabilities have been found in the Fortress S03 Wi-Fi Home Security System that could be abused by a malicious party to gain unauthorized access with the aim of altering system behavior, including disarming the devices without the victim’s knowledge.
The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the weaknesses.
The Fortress S03 Wi-Fi Home Security System is a do-it-yourself (DIY) alarm system that lets users secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry. The company’s security and surveillance systems are used by “thousands of shoppers and continued clients,” according to its website.
Calling the vulnerabilities “trivially easy to exploit,” researchers noted that CVE-2021-39276 concerns unauthenticated API access that allows an attacker in possession of a victim’s email address to query the API and leak the device’s International Mobile Equipment Identity (IMEI) number, which also doubles as the serial number. Armed with the device’s IMEI number and the email address, the adversary can proceed to make a number of unauthorized changes, such as disabling the alarm system via an unauthenticated POST request.
CVE-2021-39277, on the other hand, relates to the system’s RF signals, whereby a lack of adequate encryption gives the bad actor the ability to capture the radio frequency command and control communications over the air using software-defined radio (SDR), and play back the transmission to perform specific functions, such as “arm” and “disarm” operations, on the target device.
“For CVE-2021-39276, an attacker with the knowledge of a Fortress S03 user’s email address can easily disarm the installed home alarm without that user’s knowledge,” the researchers said in a report shared with The Hacker News.
“CVE-2021-39277 presents similar concerns, but requires less prior knowledge of the victim, as the attacker can simply stake out the property and wait for the victim to use the RF-controlled devices within radio range. The attacker can then replay the ‘disarm’ command later, without the victim’s knowledge.”
Rapid7 said it notified Fortress Security of the bugs on May 13, 2021, only for the company to close the report 11 days later on May 24. We have reached out to Fortress Security for comment, and we will update the story if we hear back.
Given that the issues continue to persist, it is recommended that users configure their alarm systems with a unique, one-time email address to work around the IMEI number exposure.
“For CVE-2021-39277, there seems to be very little a user can do to mitigate the effects of the RF replay issues absent a firmware update to enforce cryptographic controls on RF signals. Users concerned about this exposure should avoid using the key fobs and other RF devices linked to their home security systems,” the researchers said.
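To illustrate what “cryptographic controls on RF signals” can mean in practice, the following added example (not Fortress firmware or Rapid7 code) shows a receiver that authenticates each command frame and rejects any frame whose counter it has already seen. The frame layout, shared key, tag length, and counter window are all assumptions chosen for the sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag; an assumption to keep frames short


def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Fob side: counter (4 bytes, big-endian) || command || truncated HMAC."""
    body = struct.pack(">I", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Receiver:
    """Panel side: accepts a frame only if it is authentic and fresh."""

    def __init__(self, key: bytes, window: int = 64):
        self.key = key
        self.last_counter = 0
        self.window = window  # tolerates button presses made out of range

    def accept(self, frame: bytes):
        if len(frame) <= 4 + TAG_LEN:
            return None  # too short to hold counter, command and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted frame
        (counter,) = struct.unpack(">I", body[:4])
        if not self.last_counter < counter <= self.last_counter + self.window:
            return None  # replayed (stale) or implausibly far ahead
        self.last_counter = counter
        return body[4:]


def demo():
    key = b"constructed-demo-key-not-real!!"  # constructed sample key
    panel = Receiver(key)
    arm = make_frame(key, 1, b"ARM")
    disarm = make_frame(key, 2, b"DISARM")
    first = [panel.accept(arm), panel.accept(disarm)]
    replayed = panel.accept(disarm)  # the same captured frame sent again
    good = make_frame(key, 3, b"ARM")
    tampered = panel.accept(good[:-1] + bytes([good[-1] ^ 1]))  # one bit flipped
    return first, replayed, tampered
```

A static frame, which is what a fixed-code transmitter sends, passes a receiver with no counter every time it is played back; here the second copy of `disarm` is rejected because its counter is no longer ahead of the receiver's.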