Rapid7: Hackers Can Easily Disarm Fortress DIY Home Security System

A researcher discovered that the Fortress S03 WiFi home security system is vulnerable to unauthenticated API access and RF replay attacks.

BOSTON — Cybersecurity firm Rapid7 has revealed that Fortress Security Store’s Fortress S03 WiFi home security system has multiple vulnerabilities that “could result in unauthorized access to control or modify system behavior, and access to unencrypted information in storage or in transit.”

The vulnerability is through the DIY security system’s use of WiFi and RF communication, which is used to monitor doors, windows and motion detection to spot possible intruders.

The first vulnerability discovered by Rapid7 researcher Arvind Vishwakarma is unauthenticated API access. According to Vishwakarama, if a malicious actor knows a user’s email address, they can use it to query the Cloud-based API to return an International Mobile Equipment Identity (IMEI) number, which appears to also serve as the device’s serial number.

With this information, it is the possible for a malicious actor to make changes to the system, including disarming its alarm.

The second vulnerability is the Fortress system is susceptible to an RF replay attack. This means an attacker can capture command-and-control signals over the air and then replay those radio signals in order to perform a function on an associated device.

In this case, an attacker can capture the signals sent between the system’s key fobs, door/window contact sensors and the Fortress Console, and then have the ability to arm or disarm the system.

Rapid7 discovered and disclosed these vulnerabilities to Fortress in May 2021. Fortress hasn’t made it clear if it has fixed or plans to fix them.

TechCrunch reached out to Fortress about Rapid7’s discoveries and received a reply from a law firm representing the company that stated the claims are “false, purposely misleading and defamatory,” but did not provide specifics that it claims are false, or if Fortress has mitigated the vulnerabilities.

The potential for attackers exploiting a DIY system’s transmission signals is something tech expert Bob Dolph discussed in his Tech Talk column from last January. Learn more about these transmissions here.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Tagged with: DIY Fire & Intrusion News

About the Author

Contact:

Steven A. Karantzoulidis is the Web Editor for Security Sales & Integration. He graduated from the University of Massachusetts Amherst with a degree in Communication and has a background in Film, A/V and Social Media.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters