The issue resides in the implementation of Z-Wave protocol—a wireless, radio frequency (RF) based communications technology that is primarily being used by home automation devices to communicate with each other.
Z-Wave protocol has been designed to offer an easy process to set up pairing and remotely control appliances—such as lighting control, security systems, thermostats, windows, locks, swimming pools and garage door openers—over a distance of up to 100 meters (330 feet).
The latest security standard for Z-Wave, called S2 security framework, uses an advanced key exchange mechanism, i.e., Elliptic-Curve Diffie-Hellman (ECDH) anonymous key agreement protocol, to share unique network keys between the controller and the client device during the pairing process.
Even after Silicon Labs, the company who owns Z-Wave, made it mandatory for certified IoT devices to use the latest S2 security standard, millions of smart devices still support the older insecure version of pairing process, called S0 framework, for compatibility.
S0 standard was found vulnerable to a critical vulnerability in 2013 due to its use of a hardcoded encryption key (i.e. 0000000000000000) to protect the network key, allowing attackers in range of the targeted devices to intercept the communication.
discovered that devices which support both versions of key-sharing mechanisms could be forced to downgrade the pairing process from S2 to S0.
Dubbed Z-Shave by the researchers, the downgrade attack makes it easier for an attacker in range during the pairing process to intercept the key exchange, and obtain the network key to command the device remotely.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Researchers found the vulnerability while comparing the process of key exchange using S0 and S2, wherein they noticed that the node info command which contains the security class is being transferred entirely unencrypted and unauthenticated, allowing attackers to intercept or broadcast spoofed node command without setting the security class.
You can also watch the video of the Z-Shave attack, wherein the researchers demonstrated how an attacker could unlock a door.
Silicon Labs published a blog post in response to the Pen Test Partners' findings on Wednesday, saying the company is confident its smart devices are secure and not vulnerable to such threats.
"S2 is the best-in-class standard for security in the smart home today, with no known vulnerabilities, and mandatory for all new Z-Wave products submitted for certification after April 2, 2017," reads the blog post.However, the company said that since the adoption of S2 framework across the ecosystem could not happen overnight, the issue existed in Z-Wave for providing backward compatibility, so that S2 devices can work in an S0 network (and vice versa).
The company also said there are procedures in place to notify and alert users in times when secure devices connect to networks using downgraded communications, but IoT device manufacturers hardly provide any user interface to show such alerts, leaving users unaware of this attack.