Fortress S03 Wi-Fi Security Alarms were disclosed by Rapid7 as being vulnerable to unauthorized remote management attacks, including disabling the alarm system entirely. The attacks are possible due to CVE-2021-39276, a weakness in the device API that allows for unauthorized access, and CVE-2021-39277, a lack of encryption that allows an attacker to record authentication by users and replay that recording later for unauthorized access. These alarms are used in small businesses and homes. No patch or advisory has been released by Fortress; Rapid7 claims that their submitted ticket was closed with no further communication from the vendor and therefore made their announcement in conformance with their established 60-day disclosure policy.
Analyst Notes
CVE-2021-39276 requires a knowledge of the target’s email address in order to create API access, and therefore removing older email addresses and creating a unique email address specific to the system that is not disclosed on social media, directories, etc., would be an effective work-around until Fortress releases a firmware patch for its products. CVE-2021-39277 requires an attacker to have the opportunity to be in vicinity recording the use of key fobs or other radio frequency (FR) devices used to remotely control the S03 Security Alarms. Users whose threat models include this sort of attack, more likely as insider attacks in small businesses or estranged spouses and domestic dispute situations for home users, are advised to disable or avoid using Wi-Fi devices linked to their security systems until a firmware patch is issued by Fortress.
https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html
https://www.rapid7.com/blog/post/2021/08/31/cve-2021-3927-67-fortress-s03-wifi-home-security-system-vulnerabilities/
