Hacking Z-Wave Home Automation Systems

Forum and Topics about Z-Wave devices.

Hacking Z-Wave Home Automation Systems

Postby robmac » Sat Dec 21, 2013 6:18 pm

robmac
Starting Member
Starting Member
 
Posts: 6
Joined: December 2013

Re: Hacking Z-Wave Home Automation Systems

Postby Digit » Sun Dec 22, 2013 12:08 am

I guess you can call this a big "Oops..."

If this is true...
Your theft insurance has become useless - the only other thing you can do is to quickly disable all your secure Z-Wave devices.
I'm curious about how quick this bug can & will be fixed, cause I wouldn't sleep that well anymore with such a hackable security device on my front door.

Just keep it (Z-Wave) at switching lights and monitoring stuff for the time being, that's what I would do - until the problem has been taken care of or proven to be not true.
User avatar
Digit
Global Moderator
Global Moderator
 
Posts: 3388
Joined: March 2006
Location: Netherlands

Re: Hacking Z-Wave Home Automation Systems

Postby robmac » Sun Dec 22, 2013 12:20 am

Don't think it is all devices but it would be nice to know.
robmac
Starting Member
Starting Member
 
Posts: 6
Joined: December 2013

Re: Hacking Z-Wave Home Automation Systems

Postby Digit » Sun Dec 22, 2013 1:25 am

Nice to know...
I hope you're right that it doesn't affect all devices, for all those users using Z-Wave security devices.
I'm mostly thinking about the majority of those users, they won't even know about this yet. Maybe they'll never hear or read about it.
But until then, for those who do know, the best thing to do is to act on the worst case scenario - any way, that's what I would advise to do.
User avatar
Digit
Global Moderator
Global Moderator
 
Posts: 3388
Joined: March 2006
Location: Netherlands

Re: Hacking Z-Wave Home Automation Systems

Postby Edwin » Sun Dec 22, 2013 7:59 am

Damn, and then u think those expensive devices are safe
Edwin
Member
Member
 
Posts: 447
Joined: October 2007
Location: Netherlands

Re: Hacking Z-Wave Home Automation Systems

Postby jompa68 » Sun Dec 22, 2013 8:12 am

Scary article but anything can be hacked i would say, so why should Zwave be more secure then a ordinarry lock with key.
jompa68
Starting Member
Starting Member
 
Posts: 5
Joined: August 2009
Location: Sweden

Re: Hacking Z-Wave Home Automation Systems

Postby Digit » Sun Dec 22, 2013 11:08 am

The problem is that, if the story told is true, it's less secure than an ordinary lock.
Because it can be opened by anyone, with a mouse click.
User avatar
Digit
Global Moderator
Global Moderator
 
Posts: 3388
Joined: March 2006
Location: Netherlands

Re: Hacking Z-Wave Home Automation Systems

Postby robmac » Sun Dec 22, 2013 11:16 am

Hi Jompa,

Totally agree this is not a massive issue. My interest was around the possibility of using the code and generic device or even cheaper one to debug the z wave network.

The protocol is not the central issue but poor implementation by some unnamed vendors. The testers found 1 lock and 1 movement sensor that had a poor implementation. So we can cross some manufacturers straight of the list of suspects. :D

The report also points out that there is a single shared secret for initial setup. Can't see an easy way around this for an interoperable standard where all devices should talk at setup and some of the devices have no UI so no way for a secret entry. So there is a tiny risk when your controller is in add mode.

The devices in question failed to validate the message exchange after setup as they should under the standard. One in a simplistic way so just record and resend. The other actually allowed the attacker to change the key used to decrypt the message that after setup should not have been possible other than from the connected controller.

IMO in the real world this is a bit far fetched that anyone would go to the effort of doing this rather than kicking a door in or smashing a window. As most of us have cameras and alarm systems we are not the easiest target group anyway.

BR,

robmac
robmac
Starting Member
Starting Member
 
Posts: 6
Joined: December 2013

Re: Hacking Z-Wave Home Automation Systems

Postby JohnRobie » Mon Dec 30, 2013 11:50 am

This! This is exactly the reason why I've never made the leap to having an electronic, remotely controllable door lock! A Z-Wave security system inside the home, sure - people who are going to break into my home aren't so sophisticated that they'd be able to identify the system, disable it, and break in - much easier for them to get into the neighbours homes and turn their places over. But having the primary entrance to my house as a node on the internet or a wireless node? That's just asking for some 14 year old (and worse) to break in IMO.
JohnRobie
Starting Member
Starting Member
 
Posts: 5
Joined: December 2013


Return to Z-Wave Forum

Who is online

Users browsing this forum: No registered users and 1 guest