The RF communication protocol in the Micca KE700 car alarm system does not encrypt its data frames. An attacker with a radio interception tool (e.g., SDR) can capture the random number and countersĀ transmitted in cleartext, which is sensitive information required for authentication.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html