A security flaw in the Z-Wave wireless protocol is said to threaten more than 100 million connected devices in smart homes, according to British researchers from Pen Test Partners.
Z-Wave released a new security standard, Z-Wave S2, to enhance device security. However, the researchers found that devices using the S2 standard could still be downgraded to the old Z-Wave S0 protocol.
A security flaw has long existed in the S0 standard. When two devices are paired, it uses a unified exchanged key. If attackers capture the pairing traffic on the network, they can decrypt the exchange and obtain the key.
The S2 standard adopts the Diffie-Hellman algorithm, which shares the secret and shifting keys securely.
The possibility of downgrading the security standard exposes Z-Wave devices to this vulnerability again.
According to the researchers, this attack can be carried out from up to 100 meters away, and all they need are Software Defined Radio tools and a free software Z-Wave controller.
Silicon Labs, the chip maker that recently bought the Z-Wave technology, admitted it’s a known vulnerability. However, because the attack could only happen in the millisecond pairing process, the company doesn’t think it’s a serious threat in the real world since “there is an extremely small window in which anyone could exploit the issue,” said the company to Forbes.
Backward compatibility exists so that devices with the S0 standard can still pair with S2 devices, since not all Z-Wave devices have upgraded to the new security framework.
Although Silicon Labs indicated that a warning will be sent to users if a downgrade attack happens, the researchers said that it would still be too late: the alert comes after the keys have been stolen.
It is also possible to set up an automated listener that waits for pairing and executes an automated attack to grab the key, the researchers said.
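The researchers' point that a warning after the fact is too late suggests checking the negotiated security class before any key is sent. The following is an added example, not code from Z-Wave, Silicon Labs or Pen Test Partners: `decide` is a hypothetical controller-side hook, and the inventory, model names and sample requests are constructed for illustration.

```python
from dataclasses import dataclass

# Relative strength of the security classes discussed in the article.
RANK = {"none": 0, "S0": 1, "S2": 2}

# Assumption: an out-of-band inventory of what each product supports
# (taken from datasheets), NOT from what a device announces while pairing.
INVENTORY = {"door-lock-x": "S2", "old-sensor-y": "S0"}


@dataclass
class PairingRequest:
    model: str       # product identity confirmed by the installer
    negotiated: str  # class about to be used: "S2", "S0" or "none"


def decide(req, inventory=INVENTORY):
    """Return (action, reason); meant to run before the key is transferred."""
    if req.negotiated not in RANK:
        return ("abort", "unknown security class")
    expected = inventory.get(req.model)
    if expected is None:
        # Unknown product: only S2 is accepted without a human check.
        if req.negotiated == "S2":
            return ("proceed", "S2 negotiated")
        return ("confirm", "model not in inventory and pairing is below S2")
    if RANK[req.negotiated] < RANK[expected]:
        # An S2-capable device pairing with S0 is the downgrade case.
        return ("abort", f"downgrade: {req.model} supports {expected}, "
                         f"negotiated {req.negotiated}")
    # Legacy S0-only devices still pair, preserving backward compatibility.
    return ("proceed", f"{req.negotiated} meets inventory expectation")


# Constructed sample requests.
SAMPLES = [
    PairingRequest("door-lock-x", "S2"),
    PairingRequest("door-lock-x", "S0"),
    PairingRequest("old-sensor-y", "S0"),
    PairingRequest("unlisted-plug", "S0"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.model, r.negotiated, "->", *decide(r))
```

The check only helps if the expected class comes from a source an attacker within radio range cannot influence, which is why the inventory is kept separate from the pairing traffic.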