Security News > 2021 > September > Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge.
The Fortress S03 Wi-Fi Home Security System is a do-it-yourself alarm system that enables users to secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry.
The company's security and surveillance systems are used by "Thousands of clients and continued customers," according to its website.
"For CVE-2021-39276, an attacker with the knowledge of a Fortress S03 user's email address can easily disarm the installed home alarm without that user's knowledge," the researchers said in a report shared with The Hacker News.
We have reached out to Fortress Security for comment, and we will update the story if we hear back.
"For CVE-2021-39277, there seems to be very little a user can do to mitigate the effects of the RF replay issues absent a firmware update to enforce cryptographic controls on RF signals. Users concerned about this exposure should avoid using the key fobs and other RF devices linked to their home security systems," the researchers said.