Browsed by
Month: May 2023

Wireless Smart Lock Vulnerability Disclosure

Wireless Smart Lock Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: WAFU Keyless Smart Lock (firmware v1.0) – CVE-2023-34553 An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the arm/disarm keyfob: As of 22nd May, 2023,…

Read More Read More

Wireless Alarm System Vulnerability Disclosure

Wireless Alarm System Vulnerability Disclosure

The details below discuss the vulnerabilities found in the following devices: All of the devices above demonstrate the same security weakness. An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the AGSHome Alarm keyfob: As of…

Read More Read More

Wireless Alarm System Vulnerabilities

Wireless Alarm System Vulnerabilities

Recently I had a chance to look at a number of intruder alarm systems sold via Amazon and eBay. These devices sell for up to £150, and a number are best sellers As discussed in my last post, RF frequency communication can be captured relatively easily, using a software-defined radio (SDR). All four devices use 433MHz RF to communicate between the sensors and the base station. Capturing transmissions from each device proved extremely simple; the following shows the result of…

Read More Read More