
Could this Z-Wave vulnerability put millions of smart home devices at risk?

If your smart home devices feature Z-Wave technology (they probably do), then you’re going to want to read this. Researchers have discovered an issue with Z-Wave that could make more than 100 million smart home devices vulnerable to a hack.

Testing firm Pen Test Partners said that it was able to force devices back to an older, weaker version of Z-Wave security, allowing it to more easily hack devices and gain permanent control. That earlier Z-Wave pairing process, known as Z-Wave S0, had a vulnerability.

“Z-Wave uses a shared network key to secure traffic,” the researchers said on their website. “This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.”

Z-Wave released its S2 pairing process to fix the original vulnerability. However, the researchers found that, while it’s difficult to hack Z-Wave’s S2, it’s not difficult to downgrade the S2 protocol back to the original version, making any Z-Wave smart device vulnerable to attacks.

According to Forbes, this downgrade would allow hackers to use the weak key to get permanent access to the smart device without the homeowner knowing. It should be noted that the Z-Wave S2 technology can be found in more than 100 million smart home devices, including light bulbs, locks, and alarm systems.
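A defender can check for the downgrade described above by comparing the security level each paired node was actually granted with the strongest level it supports. The following is an added example, not code from Pen Test Partners, Silicon Labs or any controller vendor; the inventory format, field names, class labels and sample nodes are constructed for illustration.

```python
import json

# Z-Wave security levels, weakest to strongest (labels are this example's own).
RANK = {"none": 0, "S0": 1, "S2_Unauthenticated": 2,
        "S2_Authenticated": 3, "S2_AccessControl": 4}
S2_FLOOR = RANK["S2_Unauthenticated"]

# Constructed sample: what a controller export might look like (hypothetical format).
SAMPLE_INVENTORY = json.loads("""
[
  {"node_id": 2, "name": "Front door lock", "supported": ["S0", "S2_AccessControl"], "granted": "S0"},
  {"node_id": 3, "name": "Hallway bulb", "supported": ["S0", "S2_Unauthenticated"], "granted": "S2_Unauthenticated"},
  {"node_id": 4, "name": "Old motion sensor", "supported": ["S0"], "granted": "S0"},
  {"node_id": 5, "name": "Garage siren", "supported": ["S0", "S2_Authenticated"], "granted": "none"},
  {"node_id": 6, "name": "Keypad", "supported": ["S2_Authenticated", "S2_AccessControl"], "granted": "S2_Authenticated"}
]
""")

def classify(node):
    """Return the audit status for one paired node."""
    supported = node.get("supported") or ["none"]
    granted = node.get("granted", "none")
    if granted not in RANK or any(c not in RANK for c in supported):
        return "unknown-class"      # unrecognised label: review by hand
    best = max(RANK[c] for c in supported)
    if best >= S2_FLOOR and RANK[granted] < S2_FLOOR:
        return "downgraded"         # S2-capable but paired at S0 or unsecured
    if RANK[granted] < best:
        return "below-best"         # secured, but not at its strongest class
    if granted == "S0":
        return "legacy-s0"          # device only supports S0
    return "ok"

def audit(inventory):
    """List (status, node_id, name) for every node that is not 'ok', worst first."""
    order = ["downgraded", "unknown-class", "below-best", "legacy-s0"]
    findings = [(classify(n), n["node_id"], n["name"]) for n in inventory]
    findings = [f for f in findings if f[0] != "ok"]
    return sorted(findings, key=lambda f: (order.index(f[0]), f[1]))

if __name__ == "__main__":
    for status, node_id, name in audit(SAMPLE_INVENTORY):
        print(f"node {node_id:>3}  {status:<13} {name}")
```

Nodes reported as `downgraded` are the ones to exclude and pair again while watching the security level the controller reports.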

Z-Wave released a statement in response to the findings, saying it is confident its smart devices are secure and not vulnerable to threats.

“The key can only be intercepted during the pairing of the device to the network,” according to the post. “This is only done during the initial installation process, so the homeowner or installation professional would be present when the interception would be attempted, and they would receive a warning from the controller that the security level had changed.”

The makers of Z-Wave technology, Silicon Labs, further clarified in an email to Digital Trends.

“To do this, the bad actor either has to be in close proximity during the very brief time it takes to pair a device (we’re talking milliseconds) or have advanced equipment that has enough battery life to wait long enough for this event to occur at the home,” a spokesperson noted. “And again, the homeowner would know because of the alert. There are specific, coordinated conditions needed to initiate this type of threat and because of this there has not been a real-world instance reported to date,” the company said. “Any Z-Wave device that is already installed and paired is not vulnerable to threat.”

Kayla Matthews
Former Digital Trends Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…