SecurityWeek

IoT Security

Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems

Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.


Fortress Security Store is a physical security solutions provider based in the United States. The company says thousands of consumers and businesses use its products.

The flaws were found in Fortress’ S03 WiFi Security System, which connects to an existing Wi-Fi network or phone line. The system can include security cameras, window and door sensors, motion detectors, glass break and vibration sensors, as well as smoke, gas and water alarms.

Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely.

One of them, tracked as CVE-2021-39276, has been described as an unauthenticated API access issue. The only piece of information the attacker needs is the targeted user’s email address, without which the attack cannot be launched: querying the API with that address returns the IMEI number of the associated security system. Once the IMEI is known, the attacker can send unauthenticated POST requests that change the system’s state, including disarming it. In effect, the IMEI, which is a device identifier rather than a secret, acts as the only credential.
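To make the design failure concrete, here is a constructed illustration of the weakness class described above alongside a hardened version. This is example code added here; it is not the Fortress API and not Rapid7’s proof of concept. The request shapes, the in-memory tables, the account names, the passwords and the IMEI values are all assumptions for illustration only.

```python
"""Constructed illustration: an email-to-IMEI lookup plus an unauthenticated
state change, and a hardened variant that authenticates the caller and checks
device ownership. Not the Fortress API; all names and values are assumed."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Panel:
    imei: str
    owner: str          # email address of the registered account
    armed: bool = True


# Constructed sample data: two accounts, one panel each (IMEIs are made up).
PANELS = {
    "490154203237518": Panel("490154203237518", "alice@example.invalid"),
    "356938035643809": Panel("356938035643809", "mallory@example.invalid"),
}
ACCOUNT_TO_IMEI = {p.owner: p.imei for p in PANELS.values()}


# --- Weak design: the email is the only input, the IMEI is the only "secret" ---
def weak_lookup_imei(params: dict) -> dict:
    """Unauthenticated lookup: any caller who supplies an email gets the IMEI."""
    imei = ACCOUNT_TO_IMEI.get(params.get("email", ""))
    return {"imei": imei} if imei else {"error": "not found"}


def weak_set_state(body: dict) -> dict:
    """Unauthenticated state change: knowing the IMEI is enough to disarm."""
    panel = PANELS.get(body.get("imei", ""))
    if panel is None:
        return {"error": "not found"}
    panel.armed = bool(body.get("armed", panel.armed))
    return {"imei": panel.imei, "armed": panel.armed}


def attacker_disarm(victim_email: str) -> bool:
    """The two-step chain in the text: email -> IMEI -> unauthenticated POST.
    Returns the panel's armed state afterwards (False means it was disarmed)."""
    imei = weak_lookup_imei({"email": victim_email}).get("imei")
    if imei is None:
        return True
    return weak_set_state({"imei": imei, "armed": False})["armed"]


# --- Hardened design: authenticate the caller, then check device ownership ---
_SALT = os.urandom(16)  # one salt for the whole constructed table; use per-user salts in real code


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


CREDENTIALS = {  # constructed accounts and passwords
    "alice@example.invalid": _hash_password("correct horse battery", _SALT),
    "mallory@example.invalid": _hash_password("hunter2hunter2", _SALT),
}
SESSIONS: Dict[str, str] = {}  # bearer token -> email


def login(email: str, password: str) -> Optional[str]:
    """Return a random bearer token on success, None otherwise."""
    stored = CREDENTIALS.get(email)
    if stored is None or not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email
    return token


def hardened_set_state(headers: dict, body: dict) -> Tuple[dict, int]:
    """State change that requires a valid session AND ownership of the panel.
    The IMEI is treated as a device identifier, never as a credential."""
    auth = headers.get("Authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    email = SESSIONS.get(token)
    if email is None:
        return {"error": "authentication required"}, 401
    panel = PANELS.get(body.get("imei", ""))
    # Same response whether the IMEI is unknown or belongs to another account,
    # so the endpoint cannot be used to enumerate valid IMEIs either.
    if panel is None or panel.owner != email:
        return {"error": "forbidden"}, 403
    panel.armed = bool(body.get("armed", panel.armed))
    return {"imei": panel.imei, "armed": panel.armed}, 200
```

The hardened variant drops the email-to-IMEI lookup entirely: a logged-in user already knows their own devices, and there is no reason for an unauthenticated caller to resolve anyone else’s. Binding the state change to the session’s account (not just to a valid session) is what prevents one customer from disarming another customer’s panel.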

The second flaw, tracked as CVE-2021-39277, allows a radio frequency (RF) replay attack. Because communications between the components of the home security system are not properly protected, an attacker with a software-defined radio can capture commands such as arm and disarm as they are transmitted, and replay them later to make the system act on them again.

This attack does not require any prior knowledge of the targeted system, but it can only be launched by an attacker who is in the radio range of the target.
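The replay attack succeeds because nothing in a fixed command frame ties it to the moment it was sent. The following constructed simulation, added here as an illustration and not Fortress’ protocol or Rapid7’s research code, shows a fixed-code fob being replayed against its panel, and the same sequence against a counter-plus-MAC framing that rejects the recording. The frame layout, the 8-byte truncated MAC, the counter window and the pairing key are assumptions for illustration only.

```python
"""Constructed RF replay simulation: fixed-code frames vs. counter + HMAC frames.
Not Fortress' over-the-air format; layout, MAC size, window and key are assumed."""
import hashlib
import hmac
import struct

CMD_ARM = 0x01
CMD_DISARM = 0x02


# --- Fixed-code transmitter: every press of "disarm" sends identical bits ---
class FixedCodeFob:
    def __init__(self, device_id: bytes):
        self.device_id = device_id

    def frame(self, cmd: int) -> bytes:
        return self.device_id + bytes([cmd])


class FixedCodePanel:
    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self.armed = True

    def receive(self, frame: bytes) -> bool:
        """Accepts any frame with the right device id; nothing ties the frame
        to a point in time, so a recording is as good as the fob itself."""
        if frame[:-1] != self.device_id or frame[-1] not in (CMD_ARM, CMD_DISARM):
            return False
        self.armed = frame[-1] == CMD_ARM
        return True


# --- Counter + MAC transmitter: a captured frame is rejected when replayed ---
class RollingFob:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def frame(self, cmd: int) -> bytes:
        self.counter += 1
        body = struct.pack(">IB", self.counter, cmd)   # 4-byte counter, 1-byte command
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        return body + tag


class RollingPanel:
    WINDOW = 16  # tolerate presses made while out of range of the panel

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.armed = True

    def receive(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter, cmd = struct.unpack(">IB", body)
        if not (self.last_counter < counter <= self.last_counter + self.WINDOW):
            return False                      # replayed, or far out of sync
        if cmd not in (CMD_ARM, CMD_DISARM):
            return False
        self.last_counter = counter
        self.armed = cmd == CMD_ARM
        return True


def replay_against_fixed_code() -> bool:
    """Owner disarms, then re-arms; the attacker replays the captured disarm
    frame. Returns True if the replay disarmed the panel."""
    dev = b"\xa5\x5a\x01"                 # constructed device id
    fob, panel = FixedCodeFob(dev), FixedCodePanel(dev)
    captured = fob.frame(CMD_DISARM)      # what an SDR in range would record
    panel.receive(captured)
    panel.receive(fob.frame(CMD_ARM))
    panel.receive(captured)               # later replay of the recording
    return not panel.armed


def replay_against_rolling_code() -> bool:
    """Same sequence against the counter + MAC design. Returns True only if
    the replay was accepted or left the panel disarmed (it should not)."""
    key = b"constructed-pairing-key-0123"  # would be unique per paired fob
    fob, panel = RollingFob(key), RollingPanel(key)
    captured = fob.frame(CMD_DISARM)
    panel.receive(captured)
    panel.receive(fob.frame(CMD_ARM))
    accepted = panel.receive(captured)
    return accepted or not panel.armed
```

A monotonic counter authenticated under a per-device key is the standard fix for straightforward record-and-replay, but it is not a complete answer: an attacker who jams the panel while recording a press holds a frame with a counter the panel has never seen, which the window above would still accept. Shrinking the window and adding a challenge-response exchange for security-critical commands such as disarm closes that gap at the cost of a two-way radio.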

Rapid7 said it initially reported the flaws to Fortress in mid-May and again in mid-August. However, there does not appear to be a patch for the vulnerabilities.

There is not much users can do to prevent the RF attack, other than not using key fobs and other RF devices linked to the system. Exploitation of CVE-2021-39276 can be made harder by registering the system with a unique email address that an attacker is unlikely to guess or obtain. This only reduces the chance of an attacker learning the one prerequisite; it does not address the missing authentication on the API itself.


SecurityWeek has reached out to Fortress for comment, but we have not received a reply beyond an automated email confirming that our message was received.

Related: FragAttacks: New Vulnerabilities Expose All Devices With Wi-Fi to Attacks

Related: Smart Lightbulbs Used to Compromise Home and Business Networks

Related: Vulnerability Allows Hackers to Unlock Smart Home Door Locks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
