Have you guys seen this?
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
Is it posible to implement a feature that detects this kind of attack?
From the article:
This means that an attacker in RF range when the device is paired can obtain the network key and attack any device on the network.
I don’t mean to imply that this is not a problem, but I think this is a relatively lower risk issue. Someone would have to be in very close proximity to your house (i.e., in or right next to) and watching your z-wave traffic at the moment your pair a device.
Attacks like this are lower risk because it’s so low yield for an attacker. They have to be in range of your z-wave controller at the moment a new device is paired - so it’s not like they can drive around looking for houses with z-wave and immediately open the z-wave door lock or exploit it with a script over the internet, etc.
This reminds me of early bluetooth days when similar issues existed with the pairing process.
3 Likes
Maybe it’s possible to detect, but I’m with @ha_steve - it’s overblown (IMO bordering on FUD). If something like this worries you then you should be more concerned that somebody could take a picture of your key when you approach your front door, and then 3D print a copy 
3 Likes
This is super low risk… For this attack to work you need:
- Attacker aware of your intent to add new z-wave devices
- Attacker in radio range of where you will add new device
- Perfect timing to force S0 versus S2 mode; as once S2 is negotiated and joined to network the window is closed! (the window is about 15 seconds - or less)
- Continue to stay inside radio range to be able to exploit the network
So the conditions for it to be exploited are pretty narrow. I am not saying it could not happen but it’s not likely.
I for one will continue to watch for strange vans on my front street before adding z-wave devices to ensure no deep-state attempts to gain control over my home lighting occurs!
2 Likes