ABUS Secvest Sniffing Attack Against Wireless Control Device FUBE50001

Описание: In this PoC video, SySS IT security expert Matthias Deeg demonstrates a sniffing attack against the insecure wireless communication of an ABUS Secvest wireless alarm system and its wireless control device FUBE50001 [1].

Due to missing encryption of the wireless communication, an attacker is able to eavesdrop sensitive data like PIN codes or proximity token IDs as cleartext. By having access to this sensitive data, it is possible to deactivate the wireless alarm system in an unauthorized way.

This security vulnerability described in our SySS security advisory SYSS-2020-014 (CVE-2020-14157) [2] was found by Michael Rüttgers and Thomas Detert.

Based on a software tool used for exploiting a related security issue (SYSS-2018-035 [3]) concerning the ABUS Secvest remote control FUBE50014 and FUBE50015, two new PoC tool for performing sniffing attacks against the affected wireless control device FUBE50001 were developed.

[1] Product website for ABUS Secvest wireless control device
https://www.abus.com/eng/Home-Securit...
[2] SySS Security Advisory SYSS-2020-014 (CVE-2020-14157)
https://www.syss.de/fileadmin/dokumen...
[3] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumen...

#hack #sniffing #attack