Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim

Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in an estimated 100 million smart devices, ranging from door locks and lighting to heating systems and home alarms, according to Pen Test Partners, which released a report on the vulnerability on Wednesday.

According to the researchers, today’s Z-Wave systems are configured to support a “strong” S2 Z-Wave pairing security process. However, a proof-of-concept (PoC) attack demonstrates how a hacker could downgrade the higher S2 standard to the weaker S0 pairing standard, which allows an adversary to steal an encryption key and expose a device to compromise.

“Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices,” researchers explained.
