New vulnerabilities have been found in the Fortress S03 Wi-Fi Home Security System that could potentially be abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge.
The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the weaknesses.
The Fortress S03 Wi-Fi Home Security System is a do-it-yourself (DIY) alarm system that enables users to secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry. The company's security and surveillance systems are used by “hundreds of clients and ongoing consumers,” according to its website.
Calling the vulnerabilities “trivially easy to exploit,” Rapid7 researchers noted that CVE-2021-39276 concerns unauthenticated API access that enables an attacker in possession of a victim's email address to query the API and leak the device's International Mobile Equipment Identity (IMEI) number, which also doubles as the serial number. Armed with the device's IMEI number and the email address, the adversary can proceed to make a number of unauthorized changes, such as disabling the alarm system via an unauthenticated POST request.
CVE-2021-39277, on the other hand, relates to an RF signal replay attack, wherein a lack of adequate encryption grants the bad actor the ability to capture the radio frequency command and control communications over the air using software-defined radio (SDR), and play back the transmission to perform specific functions, such as “arm” and “disarm” operations, on the target device.
“For CVE-2021-39276, an attacker with the knowledge of a Fortress S03 user's email address can easily disarm the installed home alarm without that user's knowledge,” the researchers said in a report shared with The Hacker News.
“CVE-2021-39277 presents similar problems, but requires less prior knowledge of the victim, as the attacker can simply stake out the property and wait for the victim to use the RF-controlled devices within radio range. The attacker can then replay the ‘disarm’ command later, without the victim's knowledge.”
Rapid7 said it notified Fortress Security of the bugs on May 13, 2021, only for the company to close the report 11 days later on May 24. We have reached out to Fortress Security for comment, and we will update the story if we hear back.
In light of the fact that the issues continue to persist, it is recommended that users configure their alarm systems with a unique, one-time email address to work around the IMEI number exposure.
“For CVE-2021-39277, there appears to be very little a user can do to mitigate the effects of the RF replay issues absent a firmware update to enforce cryptographic controls on RF signals. Users concerned about this exposure should avoid using the key fobs and other RF devices linked to their home security systems,” the researchers said.
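To make "cryptographic controls on RF signals" concrete, the following is an added example, not Fortress or Rapid7 code: a receiver that authenticates each key-fob frame with an HMAC and a strictly increasing counter, so a recorded "disarm" frame is rejected when played back. The frame layout, key, fob ID and command bytes are assumptions constructed for illustration and do not describe the S03's actual RF protocol.

```python
import hashlib
import hmac
import struct

HEADER = ">IIc"   # assumed layout: fob id, message counter, 1-byte command
HEADER_LEN = struct.calcsize(HEADER)   # 9 bytes
TAG_LEN = 8       # truncated HMAC-SHA256 tag (assumed, to keep frames short)

def build_frame(key: bytes, fob_id: int, counter: int, command: bytes) -> bytes:
    """Fob side: serialize the command and append an authentication tag."""
    body = struct.pack(HEADER, fob_id, counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Panel side: accepts a frame only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = dict(keys)    # fob id -> shared secret set at pairing
        self.last_counter = {}    # fob id -> highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the command byte, or None if the frame must be dropped."""
        if len(frame) != HEADER_LEN + TAG_LEN:
            return None
        body, tag = frame[:HEADER_LEN], frame[HEADER_LEN:]
        fob_id, counter, command = struct.unpack(HEADER, body)
        key = self.keys.get(fob_id)
        if key is None:
            return None           # unknown fob
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None           # forged or modified frame
        if counter <= self.last_counter.get(fob_id, -1):
            return None           # counter already seen: replayed frame
        self.last_counter[fob_id] = counter
        return command

def demo():
    key = b"constructed-demo-key-0123456789"   # constructed sample secret
    rx = Receiver({0x1001: key})
    disarm = build_frame(key, 0x1001, 1, b"D")
    first = rx.accept(disarm)     # genuine press of the fob
    replay = rx.accept(disarm)    # same bytes played back later
    fresh = rx.accept(build_frame(key, 0x1001, 2, b"A"))
    edited = bytearray(build_frame(key, 0x1001, 3, b"A"))
    edited[8] = ord("D")          # command byte changed in transit
    return first, replay, fresh, rx.accept(bytes(edited))

if __name__ == "__main__":
    print(demo())
```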