With over 100 million devices communicate in the smart home protocol called Z-Wave, it’s one of the most popular protocols and is used in all sorts of devices. From motion sensors to smart lights and also door locks. Z-Wave technology stands strong in device safety and offers great reliability. Nevertheless, over it’s years in the market some vulnerabilities has been found and in this blog post we will explain what the recent discovery called “Z-shave” is and how it affects you as a user.
What is S0 and S2 security? 🔑
First thing first, let us learn what these security levels called S0 and S2 are.
S0 and S2 are security layers within the Z-Wave Protocol that are used to encrypt the data that is sent between devices.The initiation of S0/S2 is done during device pairing. The older pairing process is called S0. The latest Z-Wave devices are implemented with a new, more secured, S2. Which is mandatory on devices from April 2nd 2017.
S2 includes ‘unauthenticated S2’ and ‘authenticated S2’, where the authenticated devices has a unique authentication code on them.
What is Z-Shave?
Z-shave is a newly discovered hack found by researchers from Pen Test Partners, tested on smart door locks using Z-Wave S2. What they found is that an attacker can force a downgrade from the secure Z-wave S2 to less secure Z-wave S0 during a pairing process. The vulnerability they have found is thus not related to Z-wave S2 in itself, but rather to how the Z-Wave products can be fooled into using the less secure option due to Z-wave always being backward compatible.
It means that during this type of attack the homeowner (installation professional) will become aware that the link is running S0 instead of S2 and could therefore prevent the attack easily. The attacker would also require physical proximity to the device during the pairing (inclusion) process, making the risk of this even happening very low.
Here is a demonstration executed by Pen Test Partners. Read their full report here.
How does Animus Heart handle and help prevent this?
Animus Heart is one of the few Z-Wave hubs/controllers that support S2. When you as a user will try to pair an S2 device, our wizard will automatically bring you to the S2 security process:
Step 1. Even if it is an S2 device, you can manually choose what security level you wish to proceed with. S0, S2 (unauthenticated) or S2(authenticated). We always recommend you to choose S2.
Step 2. Put the device in pairing mode.
Step 3. Follow the instructions on the guide (if you have chosen authenticated S2 you have to add the authentication key found on the device).
Step 4. Check and confirm that the device was added securly.
Let’s say you are adding an S2 device with an authentication key. During the process, two things might happen to you:
- Most likely – You walk through all the steps mentioned above with ease, which includes writing the authentication key.
- The only time to be concerned – If the process is skipped or your S2 device was added without having to enter any security key. Then there is a chance that someone downgraded the device to S0 during pairing. If this happens, we advise you to remove the device and redo the pairing process. (Don’t be too quick judging your neighbour 😜)
At the end of every Z-Wave adding process the guide will also warn you that S0 security was used and if that isn’t what you were going for, then redo the adding.
Screen showing a device that has S2 but was added with S0 (knowingly).
Screen giving warning that device was added with S0.
Furthermore, a grey lock-icon will be added on the devices that we suspect has been added wrong. We advise you to remove these devices from your system and re-add them.
A grey lock-icon with the text “unsecure” showing in a device that has a failed security in the Animus Heart.
Once again we wish to note that the risk is minimal that someone would be able to hack your device exactly during your adding process. Nevertheless, it’s important to be aware and know what to do if you suspect something bad.
The Animus Home Team
Leave a Reply