According to a cybersecurity company, a popular smart home security system has two vulnerabilities that could be exploited to disarm the system completely.
Rapid7 discovered the vulnerabilities in the Fortress S03, a home security system that relies on Wi-Fi to connect cameras, motion sensors, and sirens to the Internet. This allows owners to monitor their homes remotely, wherever they are, using the mobile app. The security system also uses a radio-controlled key fob so that homeowners can arm or disarm their homes from outside the front door.
However, according to the cybersecurity company, the vulnerabilities include an unauthenticated API and unencrypted radio signals that can easily be intercepted.
Rapid7 revealed details of the two vulnerabilities on Tuesday after not hearing from Fortress for three months, the standard time frame that security researchers give companies to fix bugs before publishing details. According to Rapid7, the only acknowledgment of its email was when Fortress closed the support ticket a week later without comment.
Fortress owner Michael Hofeditz opened but did not respond to several emails sent by TechCrunch with an email open tracker. An email from Bottone Riling, a Massachusetts law firm representing Fortress, called the claims “false, deliberately misleading and defamatory,” but did not provide details of what it claims is false, or say whether Fortress had mitigated the vulnerabilities.
According to Rapid7, Fortress’s unauthenticated API can be queried remotely over the Internet without the server verifying that the request is legitimate. By knowing a homeowner’s email address, the researchers said, they could get the server to return the device’s unique IMEI, which could in turn be used to remotely disarm the system.
The other flaw involves the unencrypted radio signals sent between the security system and the homeowner’s key fob. This allowed Rapid7 to capture and replay the “arm” and “disarm” signals because the radio waves were not scrambled properly.
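Added example, not taken from Rapid7's report or from Fortress's firmware: the page says only that the fob signals are unencrypted and can be replayed, so the frame layout, shared key and class names below are assumptions. It contrasts a fixed frame, which a receiver accepts every time it is played back, with a frame carrying a counter and an HMAC, which is accepted once.

```python
import hashlib
import hmac

ARM, DISARM = b"ARM", b"DISARM"
TAG_LEN = 8  # truncated HMAC-SHA256 tag, to keep the radio frame short

class StaticReceiver:
    """Models the flaw: each press sends the same fixed, unauthenticated frame."""
    def accept(self, frame: bytes) -> bool:
        return frame in (ARM, DISARM)

class Fob:
    """Hypothetical fob that authenticates every press with a counter and a MAC."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self, command: bytes) -> bytes:
        self.counter += 1
        body = self.counter.to_bytes(4, "big") + command
        return body + hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]

class CounterReceiver:
    """Accepts a frame only if its MAC verifies and its counter moves forward."""
    WINDOW = 16  # tolerate presses made while the fob was out of range

    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + len(ARM) + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or altered frame
        counter = int.from_bytes(body[:4], "big")
        if not (self.last < counter <= self.last + self.WINDOW):
            return False  # replayed (stale) or implausibly far ahead
        if body[4:] not in (ARM, DISARM):
            return False
        self.last = counter
        return True

def demo() -> dict:
    key = bytes(range(16))  # constructed sample key shared at pairing time
    static = StaticReceiver()
    fob, rx = Fob(key), CounterReceiver(key)
    captured = fob.press(DISARM)  # frame an eavesdropper could record
    return {
        "static_replays": [static.accept(DISARM), static.accept(DISARM)],
        "first_use": rx.accept(captured),
        "replay": rx.accept(captured),
        "bumped_counter": rx.accept((2).to_bytes(4, "big") + captured[4:]),
        "next_press": rx.accept(fob.press(ARM)),
    }
```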
Vishwakarma said homeowners can use a plus-tagged email address containing a long, unique string of letters and numbers, which serves as a stand-in for a password. But until Fortress addresses it, there is little homeowners can do about the radio signal bug.
Fortress has not disclosed whether it has fixed or plans to fix the vulnerabilities. It is not clear if Fortress can fix the vulnerabilities without replacing the hardware. It’s unclear whether Fortress builds the device itself or buys the hardware from another manufacturer.
Source: A popular smart home security system can be remotely disarmed, researchers say – TechCrunch