Thomas Detert

**Name of the Vulnerable Software and Affected Versions** ABUS Secvest FUBE50001 device (affected versions not specified) **Description** The issue concerns the lack of encryption for sensitive data, such as PIN codes or IDs of used proximity chip keys (RFID tokens), in the wireless-communication feature. This omission makes it easier for an attacker to disarm the wireless alarm system. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABUS Secvest FUAA50000 version 3.01.01 **Description** An issue was discovered due to an insufficient implementation of jamming detection. This allows an attacker to suppress correctly received RF messages sent between wireless peripheral components and the ABUS Secvest alarm central. The attacker can perform a "reactive jamming" attack by detecting the start of a RF message and overlaying it with random data before the original message ends, preventing the receiver from properly decoding the signal. This enables the suppression of correctly received RF messages, including status messages from detectors indicating an intrusion. **Recommendations** For ABUS Secvest FUAA50000 version 3.01.01, consider implementing additional jamming detection mechanisms to prevent reactive jamming attacks. As a temporary workaround, restrict the use of wireless peripheral components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABUS Secvest wireless alarm system FUAA50000 version 3.01.01 **Description** An issue was discovered where sensitive data, such as the current rolling code state, is transmitted in cleartext due to the lack of "encrypted signal transmission". This allows an attacker to eavesdrop on the data. **Recommendations** For ABUS Secvest wireless alarm system FUAA50000 version 3.01.01, consider implementing encrypted signal transmission to prevent eavesdropping of sensitive data. At the moment, there is no information about a newer version that contains a fix for this issue.