Skip to main content
  1. Home
  2. Smart Home
  3. News

Could this Z-Wave vulnerability put millions of smart home devices at risk?

Kayla Matthews
By

If your smart home devices feature Z-Wave technology (they probably do), then you’re going to want to read this. Researchers have discovered an issue with Z-Wave that could make more than 100 million smart home devices vulnerable to a hack.

Testing firm Pen Test Partners said that it was able to obtain an older, weaker version of Z-Wave, allowing it to more easily hack devices and gain permanent control. The earlier Z-Wave pairing process, known as Z-Wave S0, had a vulnerability.

Recommended Videos

“Z-Wave uses a shared network key to secure traffic,” the researchers said on their website. “This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.”

Related

Z-Wave released its S2 pairing process to fix the original vulnerability. However, the researchers found that, while it’s difficult to hack Z-Wave’s S2, it’s not difficult to downgrade the S2 protocol back to the original version, making any Z-Wave smart device vulnerable to attacks.

According to Forbes, this downgrade would allow hackers to use the weak key to get permanent access to the smart device without the homeowner knowing. It should be noted that the Z-Wave S2 technology can be found in more than 100 million smart home devices, including light bulbs, locks, and alarms systems.

Z-Wave released a statement in response to the findings, saying it is confident its smart devices are secure and not vulnerable to threats.

“The key can only be intercepted during the pairing of the device to the network,” according to the post. “This is only done during the initial installation process, so the homeowner or installation professional would be present when the interception would be attempted, and they would receive a warning from the controller that the security level had changed.”

The makers of Z-Wave technology, Silicon Labs, further clarified in an email to Digital Trends.

“To do this, the bad actor either has to be in close proximity during the very brief time it takes to pair a device (we’re talking milliseconds) or have advanced equipment that has enough battery life to wait long enough for this event to occur at the home,” a spokesperson noted. “And again, the homeowner would know because of the alert. There are specific, coordinated conditions needed to initiate this type of threat and because of this there has not been a real-world instance reported to date,” the company said. “Any Z-Wave device that is already installed and paired is not vulnerable to threat.”

Editors' Recommendations

Topics
Kayla Matthews
Kayla Matthews
Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…
Can we power the smart home with ambient radio waves?
motorola guru wireless charging partnership 2

At CES, we saw Samsung show off a TV remote that powers itself with nearby wireless waves, eliminating the need to even have a battery. While our own A/V Editor Phil Nickinson is skeptical about the prospect, I'm more hopeful for the broad implications.

If Samsung applies this tech at scale and includes this remote in all of its TVs from here on out, there's going to be a marked reduction in the number of batteries that need to be made. That's ultimately good news for the planet, and likely saves everyone a few bucks. The amount of power saved from charging those batteries is going to be fairly minimal, seeing as how TV remotes don't use much juice to begin with. That said, is the air crackling with enough invisible power to keep other low-demand smart home devices operating?

Read more
The smart home hacking scene in Scream is possible, but you’re probably OK
august announces homekit compatibility doorbell camera smart lock close

Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Scream | Official Trailer (2022 Movie)

Read more
Getting my smart home devices to switch Wi-Fi networks is annoying
Amazon Echo Show 5 (2nd Gen 2021) on table.

Let's address the two-dozen little elephants in the room: Swapping all of my smart home devices to a new Wi-Fi network should not be as annoying as it is. I recently switched to a new router, which means the SSID (network name) changed. Every smart device in my home had to be reconnected to the new network, but what I found is that there is no cohesive way to do that.

This is further exacerbated by the fact that certain devices, like the Amazon Echo, require you to press a physical button on the device as part of the change. Smart home technology is only as smart as its weakest link, and the difficulty in swapping networks is unnecessarily frustrating.
Smart home tech needs to be accessible in one place
A smart home hub should function as a central control, rather than just a way to quickly control devices. The most-used system in my home is Alexa, and I use the Alexa app to monitor and control the majority of devices throughout my home. If the device is Amazon-branded, I can change its network through the Alexa app.

Read more