Hacking Z-Wave Home Automation Systems

Forum and Topics about Z-Wave devices.
Post Reply
robmac
Starting Member
Starting Member
Posts: 6
Joined: Sat Dec 21, 2013 6:39 pm

Hacking Z-Wave Home Automation Systems

Post by robmac »

Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

Re: Hacking Z-Wave Home Automation Systems

Post by Digit »

I guess you can call this a big "Oops..."

If this is true...
Your theft insurance has become useless - the only other thing you can do is to quickly disable all your secure Z-Wave devices.
I'm curious about how quick this bug can & will be fixed, cause I wouldn't sleep that well anymore with such a hackable security device on my front door.

Just keep it (Z-Wave) at switching lights and monitoring stuff for the time being, that's what I would do - until the problem has been taken care of or proven to be not true.
robmac
Starting Member
Starting Member
Posts: 6
Joined: Sat Dec 21, 2013 6:39 pm

Re: Hacking Z-Wave Home Automation Systems

Post by robmac »

Don't think it is all devices but it would be nice to know.
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

Re: Hacking Z-Wave Home Automation Systems

Post by Digit »

Nice to know...
I hope you're right that it doesn't affect all devices, for all those users using Z-Wave security devices.
I'm mostly thinking about the majority of those users, they won't even know about this yet. Maybe they'll never hear or read about it.
But until then, for those who do know, the best thing to do is to act on the worst case scenario - any way, that's what I would advise to do.
Edwin
Member
Member
Posts: 447
Joined: Sat Oct 20, 2007 6:37 am
Location: Netherlands

Re: Hacking Z-Wave Home Automation Systems

Post by Edwin »

Damn, and then u think those expensive devices are safe
jompa68
Starting Member
Starting Member
Posts: 5
Joined: Sun Aug 23, 2009 10:45 am
Location: Sweden
Contact:

Re: Hacking Z-Wave Home Automation Systems

Post by jompa68 »

Scary article but anything can be hacked i would say, so why should Zwave be more secure then a ordinarry lock with key.
Digit
Global Moderator
Global Moderator
Posts: 3388
Joined: Sat Mar 25, 2006 10:23 am
Location: Netherlands
Contact:

Re: Hacking Z-Wave Home Automation Systems

Post by Digit »

The problem is that, if the story told is true, it's less secure than an ordinary lock.
Because it can be opened by anyone, with a mouse click.
robmac
Starting Member
Starting Member
Posts: 6
Joined: Sat Dec 21, 2013 6:39 pm

Re: Hacking Z-Wave Home Automation Systems

Post by robmac »

Hi Jompa,

Totally agree this is not a massive issue. My interest was around the possibility of using the code and generic device or even cheaper one to debug the z wave network.

The protocol is not the central issue but poor implementation by some unnamed vendors. The testers found 1 lock and 1 movement sensor that had a poor implementation. So we can cross some manufacturers straight of the list of suspects. :D

The report also points out that there is a single shared secret for initial setup. Can't see an easy way around this for an interoperable standard where all devices should talk at setup and some of the devices have no UI so no way for a secret entry. So there is a tiny risk when your controller is in add mode.

The devices in question failed to validate the message exchange after setup as they should under the standard. One in a simplistic way so just record and resend. The other actually allowed the attacker to change the key used to decrypt the message that after setup should not have been possible other than from the connected controller.

IMO in the real world this is a bit far fetched that anyone would go to the effort of doing this rather than kicking a door in or smashing a window. As most of us have cameras and alarm systems we are not the easiest target group anyway.

BR,

robmac
JohnRobie
Starting Member
Starting Member
Posts: 5
Joined: Mon Dec 30, 2013 12:40 pm

Re: Hacking Z-Wave Home Automation Systems

Post by JohnRobie »

This! This is exactly the reason why I've never made the leap to having an electronic, remotely controllable door lock! A Z-Wave security system inside the home, sure - people who are going to break into my home aren't so sophisticated that they'd be able to identify the system, disable it, and break in - much easier for them to get into the neighbours homes and turn their places over. But having the primary entrance to my house as a node on the internet or a wireless node? That's just asking for some 14 year old (and worse) to break in IMO.
Post Reply

Return to “Z-Wave Forum”