Researchers from the cybersecurity firm Rapid7 have discovered a couple of flaws that they believe can be used by hackers to remotely disarm one of Fortress Security Store’s home security systems.
Fortress Security Store is company established in the United States that provides physical security solutions. According to company, thousands of consumers and businesses use the company’s products.
Security vulnerabilities was discovered in Fortress’ S03 WiFi Security System, which connects to an existing Wi-Fi network or phone line. Security cameras, window and door sensors, motion detectors, glass break and vibration sensors, as well as smoke, gas, and water alarms, can all be part of the system.
Rapid7 researchers uncovered two remotely exploitable vulnerabilities in the product, both of which are classified medium severity based on their CVSS scores.
One of them, CVE-2021-39276, has been classified as an unauthenticated API access vulnerability. An attacker who is aware of the targeted user’s email address (the attack cannot be launched without this piece of information) can use it to query the API and retrieve the security system’s associated IMEI number. After obtaining the IMEI, the attacker can send unauthenticated POST requests by making changes to the system, including to disarm it.
This attack requires no prior knowledge of the targeted system, but it can only be carried out by an attacker within radio range of the victim.
Rapid7 said the flaws were first disclosed to Fortress in mid-May and then again in mid-August. However, there does not appear to be a patch available for the flaws.
Users can’t do much to prevent RF attacks besides avoid utilising key fobs and other RF devices that are tied to the system. CVE-2021-39276 can be prevented by registering the system with a unique email address that is unlikely to be guessed or obtained by an attacker.