Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems
Researchers at cybersecurity firm Rapid7 have identified a couple of vulnerabilities that they claim can be exploited by hackers to remotely disarm one of the home security systems offered by Fortress Security Store.
Fortress Security Store is a physical security solutions provider based in the United States. The company says thousands of consumers and businesses use its products.
The flaws were found in Fortress’ S03 WiFi Security System, which connects to an existing Wi-Fi network or phone line. The system can include security cameras, window and door sensors, motion detectors, glass break and vibration sensors, as well as smoke, gas and water alarms.
Rapid7 researchers discovered that the product is affected by two vulnerabilities — both rated medium severity based on their CVSS score — that can be exploited remotely.
One of them, tracked as CVE-2021-39276, has been described as an unauthenticated API access issue. An attacker who knows the targeted user’s email address — the attack cannot be launched without this piece of information — can use the email address to query the API and obtain the security system’s associated IMEI number. Once they have obtained the IMEI, the attacker can send unauthenticated POST requests to make changes to the system, including to disarm it.
The second flaw, tracked as CVE-2021-39277, can be exploited to launch a radio frequency (RF) signal replay attack. Due to the fact that communications between different components of the home security system are not properly protected, an attacker can capture various commands — such as arm or disarm — using a software-defined radio device, and then replay those commands at a later time.
This attack does not require any prior knowledge of the targeted system, but it can only be launched by an attacker who is in the radio range of the target.
Rapid7 said it initially reported the flaws to Fortress in mid-May and again in mid-August. However, there does not appear to be a patch for the vulnerabilities.
There is not much that users can do to prevent RF attacks — except to avoid using key fobs and other RF devices linked to the system. Exploitation of CVE-2021-39276 can be prevented by registering the system with a unique email address that an attacker is unlikely to guess or obtain.
SecurityWeek has reached out to Fortress for comment, but we have not received a reply beyond an automated email confirming that our message was received.