Skip to main content
  1. Home
  2. Smart Home
  3. News

Could this Z-Wave vulnerability put millions of smart home devices at risk?

By

If your smart home devices feature Z-Wave technology (they probably do), then you’re going to want to read this. Researchers have discovered an issue with Z-Wave that could make more than 100 million smart home devices vulnerable to a hack.

Testing firm Pen Test Partners said that it was able to obtain an older, weaker version of Z-Wave, allowing it to more easily hack devices and gain permanent control. The earlier Z-Wave pairing process, known as Z-Wave S0, had a vulnerability.

Recommended Videos

“Z-Wave uses a shared network key to secure traffic,” the researchers said on their website. “This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.”

Z-Wave released its S2 pairing process to fix the original vulnerability. However, the researchers found that, while it’s difficult to hack Z-Wave’s S2, it’s not difficult to downgrade the S2 protocol back to the original version, making any Z-Wave smart device vulnerable to attacks.

According to Forbes, this downgrade would allow hackers to use the weak key to get permanent access to the smart device without the homeowner knowing. It should be noted that the Z-Wave S2 technology can be found in more than 100 million smart home devices, including light bulbs, locks, and alarms systems.

Z-Wave released a statement in response to the findings, saying it is confident its smart devices are secure and not vulnerable to threats.

“The key can only be intercepted during the pairing of the device to the network,” according to the post. “This is only done during the initial installation process, so the homeowner or installation professional would be present when the interception would be attempted, and they would receive a warning from the controller that the security level had changed.”

The makers of Z-Wave technology, Silicon Labs, further clarified in an email to Digital Trends.

“To do this, the bad actor either has to be in close proximity during the very brief time it takes to pair a device (we’re talking milliseconds) or have advanced equipment that has enough battery life to wait long enough for this event to occur at the home,” a spokesperson noted. “And again, the homeowner would know because of the alert. There are specific, coordinated conditions needed to initiate this type of threat and because of this there has not been a real-world instance reported to date,” the company said. “Any Z-Wave device that is already installed and paired is not vulnerable to threat.”

Editors' Recommendations

Topics
Kayla Matthews
Kayla Matthews
Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…
Is your smart home child-safe?
Roborock S7 cleaning while kids and pets play.

Smart home devices excel at saving time and taking orders, as well as provide us with a lot more data about how our homes behave. But those capabilities are mostly focused on adults – what happens when you add kids to the mix? While some brands like to tout the ability to track or monitor your kids, it’s not always that simple.

Families quickly learn that their children can become masters at using smart home tech, but that doesn’t mean all home automation is safe for them. That’s especially true for toddlers who may not understand what smart homes can do yet.

Read more
Can we power the smart home with ambient radio waves?
motorola guru wireless charging partnership 2

At CES, we saw Samsung show off a TV remote that powers itself with nearby wireless waves, eliminating the need to even have a battery. While our own A/V Editor Phil Nickinson is skeptical about the prospect, I'm more hopeful for the broad implications.

If Samsung applies this tech at scale and includes this remote in all of its TVs from here on out, there's going to be a marked reduction in the number of batteries that need to be made. That's ultimately good news for the planet, and likely saves everyone a few bucks. The amount of power saved from charging those batteries is going to be fairly minimal, seeing as how TV remotes don't use much juice to begin with. That said, is the air crackling with enough invisible power to keep other low-demand smart home devices operating?

Read more
The smart home hacking scene in Scream is possible, but you’re probably OK
august announces homekit compatibility doorbell camera smart lock close

Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Scream | Official Trailer (2022 Movie)

Read more