D3D Wi-Fi Home Security System RF Jamming Vulnerability

A denial-of-service vulnerability has been identified in the D3D Wi-Fi Home Security System model ZX-G12, running firmware version 2.1.17. The issue arises from the system's reliance on a fixed-frequency 433 MHz channel for communication between sensors and the central hub. An attacker within RF range can transmit continuous interference on this channel, effectively blocking sensor alerts from reaching the central unit. This disruption prevents alarms from sounding and notifications from being sent to the associated mobile app, creating a silent security breach. The system lacks any jamming detection or mitigation measures, leaving users unaware of potential intrusions.

Impact

Exploitation of this vulnerability causes a complete failure of the alarm system to receive sensor alerts, allowing intrusions to go undetected. The disruption also renders the handheld remote inoperative, preventing users from arming or disarming the system.

Reproduction

The vulnerability can be reproduced by using a software-defined radio, such as a HackRF One, to transmit continuous interference on the 433 MHz frequency used by the D3D security sensors. This can be done after identifying the exact frequency with an SDR tool like GQRX. Once the interference is active, triggering any of the connected sensors will result in no alert being sent to the central hub, demonstrating the jamming effect.

Remediation

No specific remediation is available, but the vendor has been notified of the vulnerability.