关键漏洞信息 Advisory ID: SYSS-2019-005 Product: ABUS Secvest (FUA50000) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-03-15 Public Disclosure: 2019-05-02 CVE Reference: CVE-2019-9861 Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH) Overview ABUS Secvest (FUA50000) is a wireless alarm system. Used proximity keys (RFID tags) are vulnerable to RFID cloning attacks, allowing unauthorized deactivation of the alarm system. Proof of Concept Successfully cloned ABUS proximity keys using tools like Mifare Classic Tool, ChameleonMini, and an RFID/NFC reader/writer. Solution No available solution for this reported security vulnerability. Disclosure Timeline 2019-03-15: Vulnerability reported to manufacturer. 2019-05-02: Public release of security advisory. References [1] Product website for ABUS Secvest wireless alarm system [2] ABUS proximity chip key information [3] Mifare Classic Tool [4] ChameleonMini [5] RFID/NFC reader/writer [6] ABUS Secvest Proximity Key Cloning PoC Attack video [7] SYSS Security Advisory SYSS-2019-005 [8] SySS Responsible Disclosure Policy Credits: Discovered by Matthias Deeg and Gerhard Klostermeier of SySS GmbH.