how serious is this vulnerability in z-wave when using domoticz?


Post by akamming »

Hi,

Since I'm considering purchasing a Z-Wave lock on my door (like the Danalock), I started to search the internet for Z-Wave vulnerabilities and found this issue:

https://www.forbes.com/sites/thomasbrew ... b55ed94517

The way I interpret the vulnerability is that it occurs by downgrading the key exchange process to an older, unsafe version of that process.

Does anyone know if Domoticz is affected by this issue? It should only be an issue if the older S0 process is used, and apparently this can be detected by the hub. I just don't know if Domoticz does detect it and, if so, whether it will warn me as a user that it occurred....

Kr Arnold

Post by Fishwaldo »

A very sensational article from Forbes. I'd expect better from them.

Yes - it's an issue in S0, which OZW uses. But you can only exploit this during the inclusion process of the lock (or whatever you are including). So once your network is set up, this is a non-issue.

Personally, if I'm going to break into your house, I'm not going to sit outside with a Z-Wave Sniffer waiting for you to include a Device Securely... I'm going to just walk up and smash a window :)

Post by waaren »

Fishwaldo wrote: Friday 24 May 2019 9:01 Personally, if I'm going to break into your house, I'm not going to sit outside with a Z-Wave Sniffer waiting for you to include a Device Securely... I'm going to just walk up and smash a window :)
Now that's what I would call a brute force attack in the true meaning of the word! :D

Post by akamming »

Thanks. If I understand correctly: this means the only risk is that if someone would sniff the network during pairing of any device, they would have the means to control just that device?

Then I agree it's a negligible risk...

Just out of curiosity: does anyone know when the S2 pairing will be supported?

Post by lost »

akamming wrote: Friday 24 May 2019 20:45 Thanks. If I understand correctly: this means the only risk is that if someone would sniff the network during pairing of any device, they would have the means to control just that device?
Whole network would IMO be at risk as it's a symmetric key exchange done at pairing: you catch the key, you own the network. But in fact, you're also at risk when you pair a BPL plug: a default HomePlug key is used for pairing... On top of that, if you never press the association buttons "because it just works", this one will remain! Just plug in a brand new device and you'll see some careless neighbor's network...
Z-Wave association is supposed to occur at reduced radio power (thus the need to keep device and controller close when doing so) to limit the risk. So that's also a specific device with a high-gain antenna/radio amplifier that would be needed.

There is probably much more risk in having a Z-Wave device almost freely accessible from outside (i.e. not a PIR/alarm sensor that would switch a siren if triggered) from which the network key may be extracted (like a door ring switch) if stolen.

Post by Fishwaldo »

lost wrote: Whole network would IMO be at risk as it's a symmetric key exchange done at pairing: you catch the key, you own the network.
That’s correct. Every device included securely is now owned.
lost wrote: Z-Wave association is supposed to occur at reduced radio power (thus the need to keep device and controller close when doing so) to limit the risk.
True once upon a time, but Z-Wave has had Network Wide Inclusion (NWI) for a long time now. (I can’t remember if it was included in Z-Wave+ or not.)



