CVE-2017-17910

Name of the Vulnerable Software and Affected Versions Hoermann BiSecur devices versions prior to 2018 Hoermann Hand Transmitter HS5-868-BS version prior to 2018 Hoermann Hand Transmitter HSE1-868-BS version prior to 2018 Hoermann Hand Transmitter HSE2-868-BS version prior to 2018

Description A vulnerability in Hoermann BiSecur devices allows an attacker to exploit the system by recording a single radio transmission. The attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver, obtaining the encrypted packet and the 32-bit serial number. This can be done without intercepting the one-time pairing process. Due to the use of AES-128 with static initial values and data vectors, the attacker can derive the encryption key and decrypt the packet. The key can be verified by checking for known plaintext. An attacker can then create arbitrary radio frames to control BiSecur systems, including garage and entrance gate operators. A low-cost Software Defined Radio (SDR) is sufficient to conduct the attack.

Recommendations For Hoermann BiSecur devices prior to 2018, consider disabling the wireless functionality until a patch or fix is available. For Hoermann Hand Transmitter HS5-868-BS prior to 2018, restrict access to the device to minimize the risk of exploitation. For Hoermann Hand Transmitter HSE1-868-BS prior to 2018, avoid using the device for critical operations until the issue is resolved. For Hoermann Hand Transmitter HSE2-868-BS prior to 2018, as a temporary workaround, consider using alternative security measures to protect against unauthorized access.