5-year-old IoT attack resurfaces, puts millions of devices at risk – TechRepublic
Update: Z-Wave reached out in response and provided additional details about Z-Shave. Most critically, according to Raoul Wijgergangs, VP/GM of Z-Wave for Silicon Labs, and Lars Lydersen, senior director of product security, Silicon Labs, is that the vulnerability can’t be forced from outside a Z-Wave IoT network, and the window to take advantage of it is only 20 milliseconds.
Lydersen stressed that adding a device to an IoT network has to be done from the control station, meaning no one hiding outside could add a device—they would have to be listening precisely when an IoT network user was adding a device.
Adding more context to the technical side of things, Lydersen added devices that support S2 security aren’t vulnerable if an S0 key is stolen—only other S0 devices would be exposed.