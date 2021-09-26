Your home should always be a comfortable and cozy space for you and your loved ones, but it should also be the place you feel safest. Fortunately, new technologies over the last decade have made it easier than ever to set protection with easy-to-install cameras, locks, and monitors, and even allow you to monitor properties remotely. However, if you are using a popular home security system, two recently discovered vulnerabilities can be compromised. Read on to see which products to replace for your safety.

The Fortress S03 security system contains two major vulnerabilities that can be compromised.

If your home is equipped with a fortress S03 security system, you may inadvertently endanger your safety. According to cybersecurity firm Rapid7, several major vulnerabilities allow an intruder to disarmament the system using relatively simple tactics.

According to the company, TechCrunch first discovered a security flaw three months ago and contacted Fortress about potential risks. Rapid7 released information about the vulnerability after Fortress did not respond to the message and found that the only confirmation of scope was the uncommented support card. Cybersecurity experts say that the owner's email address can eliminate the security system.

According to Rapid7, the Fortress S03 system relies on a Wi-Fi connection to maintain motion sensors, cameras, and sirens, allowing customers to monitor their homes from a mobile app. He also uses remote control keys to turn the system on and off each time he enters or exits a property.

However, cybersecurity companies have discovered that their systems rely on unidentified APIs to allow hackers and criminals to access a unique International Mobile Equipment Identity (IMEI) number from a particular device simply by knowing their address. I made it. The email address associated with your account. This allows them to remotely enable or disable the system, TechCrunch reports. Keychain vulnerabilities can also be used to easily disarmament the system.

However, potential intruders may not even need to know your personal email address to access your home. According to Rapid7, the system's remote server works by turning it on and off using unencrypted radio signals, making it relatively easy to pick up and play unencrypted frequencies around the system. understood. Turn off.

The process of spying on radio frequencies may seem expensive, but some experts recommend that it be relatively easy with proper technical knowledge. Rapid7 Research Director Tod Beardsley told Threatpost: "The range depends on the sensitivity of the equipment used, but this type of eavesdropping usually requires a line of sight and is fairly close to the other side of the street."

You can protect your device from access by using the email address provided.

Ultimately, experts say that random intruders are unlikely to exploit system vulnerabilities. "These issues are very unlikely to be abused," Beardsley told Threatpost. "After all, opportunistic intruders are unlikely to become cybersecurity experts, but there are scenarios where the attacker already knows the victim or at least knows the victim's address well. I'm worried. That's all I really need to power off these devices via email or the internet. "

Beardsley admits that it can only be done "very little" against easily exploitable key backs, except to avoid using products attached to the fortress. However, there are still ways to prevent someone from using your email address to abuse your system. "We recommend registering your device with a secret, the one-time email address that can act as a kind of fraudulent password," Beardsley told Threatpost. "I think it's a good solution without updating the provider's validation."

