Rapid7 cybersecurity company has found that a popular home security system has a pair of flaws that can be exploited to disarm the system altogether.
They found vulnerabilities in the Fortress S03, a home security system which relies on Wi-Fi to connect cameras, motion sensors and sirens to the internet, allowing owners to remotely monitor their home anywhere with a mobile app. This system also uses a radio-controlled key fob to let homeowners arm or disarm their house from outside their front door.
However, Rapid7 have said the home security system has weaknesses, in the form of an unauthenticated API and an unencrypted radio signal that can easily be intercepted. Rapid7 revealed this information at the end of August, after giving Fortress 3 months to reply, which is the standard window of time that security researchers give companies to fix bugs before the details are made public. The only communication Rapid7 received from Fortress was the closing of the support ticket a week later, despite the fact the email hadn’t been acknowledged.
Rapid7 have said that Fortress’ unauthenticated API can be remotely queried over the internet, without the server checking if the request is legitimate. In practice, this means that if thieves know a homeowners email address the server will return the device’s unique IMEI. which can then be used to remotely disarm the system.
A second flaw comes in the form of unencrypted radio signals. These are sent between the home security system, and the homeowners key fob. These radio signals being unencrypted means Rapid7 were able to capture and replay the signals for arm and disarm, meaning they would be able to unarm the home security system.
Fortress has not commented on these flaws, so it is unclear whether they have plans to fix the vulnerabilities. It is also unclear whether they will be able to fix them without replacing the hardware completely.