Fortress Home Security Open to Remote Disarmament
2021-08-31 20:35

A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry.

The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and accessories, connecting them via Wi-Fi to create a personalized security system.

"An opportunistic home invader is not likely to be a cybersecurity expert, after all. However, I am concerned about a scenario where the attacker already knows the victim well, or at least, well enough to know their email address, which is all that is really required to disable these devices from over the internet using CVE-2021-39276."

Specifically, anyone within RF signal range could capture and replay RF signals to alter the system's behavior, resulting in disarmament.

Because an attack requires the system's email address, "We suggest registering the device with a secret, one-time use email address, that can function as a sort of weak password," Beardsley told Threatpost.

"A proper cloud infrastructure can greatly benefit IoT security by enabling automatic updates and insulating users from many local security threats, but it can also magnify the impact of vendor programming errors," Craig Young, principal security researcher at Tripwire, said via email.


News URL

https://threatpost.com/fortress-home-security-remote-disarmament/169069/