Could this Z-Wave vulnerability put millions of smart home devices at risk?

If your smart home devices feature Z-Wave technology (they probably do), then you’re going to want to read this. Researchers have discovered an issue with Z-Wave that could make more than 100 million smart home devices vulnerable to a hack.

Testing firm Pen Test Partners said that it was able to obtain an older, weaker version of Z-Wave, allowing it to more easily hack devices and gain permanent control. The earlier Z-Wave pairing process, known as Z-Wave S0, had a vulnerability.

“Z-Wave uses a shared network key to secure traffic,” the researchers said on their website. “This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.”

Z-Wave released its S2 pairing process to fix the original vulnerability. However, the researchers found that, while it’s difficult to hack Z-Wave’s S2, it’s not difficult to downgrade the S2 protocol back to the original version, making any Z-Wave smart device vulnerable to attacks.

According to Forbes, this downgrade would allow hackers to use the weak key to get permanent access to the smart device without the homeowner knowing. It should be noted that the Z-Wave S2 technology can be found in more than 100 million smart home devices, including light bulbs, locks, and alarms systems.

Z-Wave released a statement in response to the findings, saying it is confident its smart devices are secure and not vulnerable to threats.

“The key can only be intercepted during the pairing of the device to the network,” according to the post. “This is only done during the initial installation process, so the homeowner or installation professional would be present when the interception would be attempted, and they would receive a warning from the controller that the security level had changed.”

The makers of Z-Wave technology, Silicon Labs, further clarified in an email to Digital Trends.

“To do this, the bad actor either has to be in close proximity during the very brief time it takes to pair a device (we’re talking milliseconds) or have advanced equipment that has enough battery life to wait long enough for this event to occur at the home,” a spokesperson noted. “And again, the homeowner would know because of the alert. There are specific, coordinated conditions needed to initiate this type of threat and because of this there has not been a real-world instance reported to date,” the company said. “Any Z-Wave device that is already installed and paired is not vulnerable to threat.”


4 women innovators who are using tech to help others live better lives

Meet four women leaders who are not only at the forefront of technology today, but also using tech — from robotics and medicine to food and undergarments — to help others.

Fibaro smart devices are now compatible with the Samsung SmartThings hub

Samsung SmartThings now supports even more devices with the integration of Fibaro, a company known for its smart home sensors. Several Fibaro devices are already compatible, with more on the way.

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.

Amazon and Kia team up to simplify EV home-charging station installs

Kia Motors announced a new program with Amazon for electric vehicles. Customers planning to purchase a new Kia EV or PHEV can check out recommended Level 2 240-volt home charging stations and arrange installation in their homes.
Smart Home

Traeger’s latest wood-pellet grills are smoky, smart, and spacious

Traeger is famous in the world of barbecue and heavy-duty grills for its signature pellet grills and now the company is expanding this year by adding three new brands of redesigned
Emerging Tech

Awesome Tech You Can’t Buy Yet: Write music with your voice, make homemade cheese

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

The five best teeth-whitening kits you can buy on Amazon

Teeth whitening can have a major impact on a person’s smile and overall appearance. You don't necessarily have to go to the dentist to get your teeth whitened though. Here are the best teeth-whitening kits you can buy.
Smart Home

Is your Keurig making gross coffee? Might be time for a cleaning

No one likes a dirty, scaled, or smelly Keurig, but how are you supposed to clean them? Before you throw yours out the window, here is a quick guide on cleaning your machine out thoroughly.
Smart Home

Which is better, the original Echo or the Echo Dot? We compare them

Amazon Echo vs. Dot: Having Alexa answer your questions is nothing short of futuristic, but which device should you get? There are some big differences between the two, especially in size, sound, and cost.
Product Review

Gate’s Smart Lock is locked and loaded but ultimately lacks important basics

In a world of video cameras and doorbells comes the Gate Smart Lock, a lock with a video camera embedded. It’s a great idea, but lacks some crucial functionality to make it a top-notch product.
Smart Home

Viral porch pirate videos freak people out, cause unrealistic concern

Viral porch pirate videos convince others crime is more prevalent than facts indicate. According to polls, even though FBI reports show property crime rates are at historic lows, more people worry about crime today than ever before.
Smart Home

Sony’s Aibo robot dog can now patrol your home for persons of interest

Sony released the all-new Aibo in the U.S. around nine months ago, and since then the robot dog has (hopefully) been melting owners' hearts with its cute looks and clever tricks. Now it has a new one up its sleeve.

Amazon slashes $77 off the iRobot Roomba 690 multisurface robot vacuum

This special offer comes just in time for you to get a head start on spring cleaning. The Roomba 690 robot vacuum sucks up dust, dirt and pet hair — all while you're away at the office.