exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from Thomas Detert

First Active2019-03-25
Last Active2020-07-31
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
Posted Jul 31, 2020
Authored by Matthias Deeg, Thomas Detert, Michael Ruttgers

ABUS Secvest Hybrid module (FUMO50110) suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an attacker can spoof messages of the ABUS Secvest Hybrid module based on sniffed status RF packets that are issued by the ABUS Secvest Hybrid module on a regularly basis (~2.5 minutes).

tags | advisory, spoof, bypass
advisories | CVE-2020-14158
SHA-256 | a68c00c7fb616a3cbbfa44b0ab74d7e727e98d5025f0aa73c1c04de2a4b77175
ABUS Secvest Wireless Control Device Missing Encryption
Posted Jun 23, 2020
Authored by Thomas Detert, Michael Ruttgers

The wireless communication of the ABUS Secvest Wireless Control Device (FUBE50001) for transmitting sensitive data like PIN codes or IDs of used proximity chip keys (RFID tokens) is not encrypted.

tags | advisory
advisories | CVE-2020-14157
SHA-256 | c954871e4ce41c0235fc5678748e8f2021e5da793d086a13df9bd48b2b66af7c
ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition
Posted Jul 27, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.

tags | advisory, remote
advisories | CVE-2019-14261
SHA-256 | e98fe47d41ddf0ca24e6f78dac777943006f689fe3cefe75519fcbab7d77131d
ABUS Secvest Remote Control Denial Of Service
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote
advisories | CVE-2019-9860
SHA-256 | 1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806a
ABUS Secvest Remote Control Eavesdropping Issue
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote, protocol
advisories | CVE-2019-9862
SHA-256 | 4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41
ABUS Secvest 3.01.01 Insecure Algorithm
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50014, FUB50015) is cryptographically weak.

tags | advisory, remote, protocol
advisories | CVE-2019-9863
SHA-256 | 92648a845f9e728c6b9724e16f7b0148e4f4b7d7c8d97744a46937db2cabc861
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close