Key Information About the Vulnerability Overview System Targeted: D3D ZX-G12 Wi-Fi Alarm System Vulnerability Type: RF Replay Vulnerability Communication Channel: 433 MHz ISM band Vulnerability Description: Lack of essential security protections, specifically anti-replay mechanisms, freshness, authenticity, and source integrity. Vulnerability Summary Flaw: The 433 MHz sensors transmit static, unencrypted, and unauthenticated RF packets. Impact: The system is vulnerable to RF replay attacks which can spoof or manipulate sensor events. Methodology Hardware: HackRF One, 433 MHz ISM-tuned antenna, Laptop running Kali Software: GQRX, GNU Radio Companion Testing Approach: Observation of signal behavior, analysis of waveform pulses, and testing of replay capabilities. Findings 1. Static, Fixed-Code Packets 2. No Authentication or Rolling Code 3. Replay Behavior (Immediate acceptance, identical logs, authentic alarm behavior) 4. Highly Reproducible (Across sensors and times) Affected Models and Versions D3D ZX-G12 Alarm Hub 433 MHz PIR Motion Detector 433 MHz Door/Window Sensor Main Module Firmware: v2.1.17 MCU Module Firmware: v4.2.6 Recommendations For Users: Avoid unencrypted RF sensors, prefer rolling-code systems, monitor abnormal triggers. For Vendors: Implement rolling codes, add cryptographic authentication, use nonces/timestamps, adopt secure RF standards. Conclusion Lack of authentication and freshness checks can compromise an entire security system. Responsible disclosure attempted. Disclaimer Testing was controlled; no exploitation beyond benign testing.