Fibaro Motion Sensor Vulnerability Allows Threat Actors To Launch DDoS Attacks


A vulnerability in a popular motion sensor system has recently caught the attention of cybersecurity experts. Designated CVE-2023-34597, it affects Fibaro Motion Sensor firmware version 3.4 and allegedly allows threat actors to launch Denial of Service (DoS) attacks through a crafted Z-Wave message. The vulnerability was first shared on GitHub in the public repository iot-sec23/IoT-CVE.

The Fibaro Motion Sensor is a wireless device widely used for home automation and security. Offering a range of features, including passive infrared (PIR) motion detection, temperature measurement, and light intensity measurement, it provides comprehensive information about the environment it monitors.

The device can be mounted on walls or placed on shelves. It uses Z-Wave technology, a renowned protocol for smart home devices, to communicate wirelessly with other compatible devices within the network.

Exploiting motion sensor vulnerability: A classic market for hackers

Hacker groups are always looking for markets with the most vulnerabilities or markets growing at remarkable rates. The motion sensor market is one of them.

The motion sensor market has been witnessing significant growth in recent years. According to Mordor Intelligence’s report “Motion Sensor Market Size & Share Analysis – Growth Trends & Forecasts (2023 – 2028)”, the market is projected to grow at a CAGR of 6.5% from 2021 to 2026.

The rise of Industry 4.0, the latest industrial revolution, has played a pivotal role in promoting the development of collaborative and AI-enabled technologies.

These innovations have allowed enterprises to streamline processes, enhance efficiency, and eliminate errors, thereby fueling the growth of the motion sensor market.

Global System for Mobile Communications (GSMA) data indicates a significant increase in global IoT connections, further contributing to the market’s growth. 

Motion sensor market enters the hackers’ turmoil

Unfortunately, motion sensor systems have also become the target of cyber-attacks. According to a special report by HackRead, an attack known as EarSpy exploits motion sensors on Android devices, allowing hackers to pry into users’ conversations.

This research, conducted by a team from Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology, and the University of Dayton, highlighted the potential risks associated with eavesdropping through motion sensor data.

The researchers, including Ahmed Tanvir Mahdad, Cong Shi, Zhengkun Ye, Tianming Zhao, Yan Wang, Yingying Chen, and Nitesh Saxena, named this side-channel attack “EarSpy.” By capturing the audio from the ear speaker, attackers can deduce the caller’s identity, determine their gender, and secretly listen to private conversations.

The findings from this research emphasize the importance of addressing vulnerabilities in motion sensor systems. While motion sensor vulnerabilities are a cause for concern, they also serve as a reminder to implement better security measures across all smart home devices.
