VYPR
Unrated severity · NVD Advisory · Published May 23, 2023 · Updated Jan 17, 2025

CVE-2023-31763

Description

Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AGShome Smart Alarm v1.0 uses non-rolling 433MHz RF codes, allowing attackers to replay captured commands to fully control the alarm.

Vulnerability

The AGShome Smart Alarm (firmware v1.0) communicates with its remote keyfob using 433MHz RF signals that employ static, non-rolling codes [1], [2]. This means each button press transmits an identical, unchanging code. An attacker can capture these transmissions and replay them at will, gaining the ability to arm or disarm the alarm without any cryptographic protection or code rotation [1]. The affected device is the AGSHome Smart Alarm running firmware v1.0 [2].

Exploitation

An attacker needs only a software-defined radio (SDR) capable of receiving and transmitting on the 433MHz band [1]. By monitoring the RF channel when the legitimate user presses a keyfob button, the attacker captures the raw signal (e.g., using SDR#) [1]. The captured code can then be replayed at any time to trigger the same action (arm or disarm) [1], [2]. Beyond the initial capture, the attack requires no authentication, no physical proximity closer than RF range, and no user interaction [1].

Impact

Successful replay of a captured code gives the attacker full control over the alarm system's arming and disarming functions [1], [2]. This completely undermines the security purpose of the alarm, allowing an intruder to disable the alarm before a break-in or to reset it after triggering a sensor. The attacker does not gain access to other system functions or data, but the alarm's integrity and availability are fully compromised [2].

Mitigation

As of May 2023, no fix has been issued for this vulnerability [2]. Because the weakness is inherent in the hardware design (non-rolling codes), the vendor cannot rectify it through a firmware update [2]. Users are advised to consider replacing the device with one that implements rolling codes or wired communication [1]. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
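An added example, not from the advisory or the vendor: a minimal Python model of receiver logic that contrasts the fixed-code check described above with a counter-plus-HMAC rolling-code check of the kind the mitigation recommends. The code value, key, frame layout and acceptance window are constructed assumptions and do not reflect the AGSHome protocol.

```python
import hashlib
import hmac

# Constructed values for illustration; not taken from the AGSHome device.
STATIC_CODE = bytes.fromhex("a5c3f1")   # fixed "disarm" code sent on every press
SHARED_KEY = b"constructed-demo-key"    # secret paired between keyfob and receiver
WINDOW = 16                             # missed presses the receiver tolerates
TAG_LEN = 8                             # truncated HMAC length in bytes

class StaticReceiver:
    """Fixed-code design: a frame is valid forever once it has been seen."""
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, STATIC_CODE)

def rolling_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Keyfob side: 4-byte counter || 1-byte command || truncated HMAC."""
    body = counter.to_bytes(4, "big") + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class RollingReceiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 5 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                 # forged or corrupted frame
        counter = int.from_bytes(body[:4], "big")
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                 # already used, or too far ahead
        self.last_counter = counter      # each counter value is single-use
        return True

def demo() -> dict:
    """Present the same recorded frame twice to each receiver."""
    static_rx, rolling_rx = StaticReceiver(), RollingReceiver(SHARED_KEY)
    recorded_rolling = rolling_frame(SHARED_KEY, 1, b"\x02")
    return {
        "static_first": static_rx.accept(STATIC_CODE),
        "static_replay": static_rx.accept(STATIC_CODE),
        "rolling_first": rolling_rx.accept(recorded_rolling),
        "rolling_replay": rolling_rx.accept(recorded_rolling),
    }
```

The fixed-code receiver accepts the identical frame on every presentation, while the rolling receiver rejects the second presentation because the counter has already been consumed.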

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0. No patches discovered yet.


References: 2
