According to a cybersecurity company, a popular smart home security system is susceptible to two vulnerabilities that could be used to disable it.
Rapid7 discovered the flaws in the Fortress S03 home security system. This system relies on Wi Fi to connect cameras, motion sensors and sirens to an internet connection, which allows owners to remotely monitor their home from anywhere using a mobile app. A radio-controlled key fob allows homeowners to arm and disarm their home from outside.
The cybersecurity company stated that the vulnerabilities included an unauthenticated API, and an unencrypted radio transmission that could be easily intercepted.
Rapid7 disclosed details about the vulnerabilities on Tuesday, after Fortress had not contacted them in three months. This is the normal time frame security researchers give companies to fix bugs. Rapid7 stated that Fortress did not respond to its support ticket until a week later, and it was the only time Rapid7 acknowledged its email.
TechCrunch sent several emails to Michael Hofeditz, but he did not reply to them. Bottone Riling, a Massachusetts law office representing Fortress, sent an email calling the claims false and purposely misleading. It did not give any details about the claims or whether Fortress had mitigated them.
Rapid7 stated that Fortress' unauthenticated API can remotely be accessed over the internet, without the server verifying that the request is genuine. Researchers said that the server could return the unique IMEI of the device by knowing the homeowner's email address. This can then be used to remotely disable the system.
Another flaw is the use of unencrypted radio messages between the security system's key fob and the homeowner. Rapid7 was able to record and replay the signals used for arming and disarming because they weren't properly scrambled.
Vishwakarma suggested that homeowners could add a plus tag email address with a long string of numbers and letters to replace a password. Until Fortress addressed the problem, homeowners had little to do about the radio signal bug.
Fortress has yet to say if it has already fixed the vulnerabilities or plans to do so. It is not known if Fortress can fix the vulnerabilities without having to replace the hardware. It is not clear if Fortress makes the device or buys it from another manufacturer.