The details below discuss the vulnerabilities found in the following devices:
WAFU Keyless Smart Lock (firmware v1.0) – CVE-2023-34553
An attacker can use a software-defined radio to capture commands sent to the alarm from the remote keyfob. As no rolling code is implemented, it is a simple matter to play back the code and gain full access to the alarm’s functions. As an example, see the following image, comparing subsequent keypresses of the arm/disarm keyfob:
As of 22nd May, 2023, no fix has been released for this issue. Given that this is a vulnerability with the device hardware, we do not believe that this can be rectified with software updates.
Is a POC available?
Hi – yeah, you can do this with any reply device such as a HackRF or a Yardstick One. It’s a simple attack.