In 2016 my colleague, Matthias Deeg, and I have looked into the security of wireless alarm systems. At this time, the ABUS Secvest alarm system did not sign and/or encryption its packets, allowing an attacker to disarm it. Some time later they introduced rolling codes to their protocol. But as Thomas Detert found found out, they were still not secure.
The used algorithm for generating the next valid code is predictable, just by looking at the communication. Thomas Detert and Matthias Deeg worked together to publish the new security issues. Furthermore, the attack was demonstrated in a TV report by “Voss & Team”, a German TV show for consumer protection.
- Proof of concept video of the attack (YouTube)
- Article on syss.de (German only, with links to security advisories)
- TV report by Voss & Team (German only, starts at 31:38)