Skip to main content
  1. Home
  2. Smart Home
  3. News

Could this Z-Wave vulnerability put millions of smart home devices at risk?

By
Add as a preferred source on Google

If your smart home devices feature Z-Wave technology (they probably do), then you’re going to want to read this. Researchers have discovered an issue with Z-Wave that could make more than 100 million smart home devices vulnerable to a hack.

Testing firm Pen Test Partners said that it was able to obtain an older, weaker version of Z-Wave, allowing it to more easily hack devices and gain permanent control. The earlier Z-Wave pairing process, known as Z-Wave S0, had a vulnerability.

Recommended Videos

“Z-Wave uses a shared network key to secure traffic,” the researchers said on their website. “This key is exchanged between the controller and the client devices (‘nodes’) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices.”

Z-Wave released its S2 pairing process to fix the original vulnerability. However, the researchers found that, while it’s difficult to hack Z-Wave’s S2, it’s not difficult to downgrade the S2 protocol back to the original version, making any Z-Wave smart device vulnerable to attacks.

According to Forbes, this downgrade would allow hackers to use the weak key to get permanent access to the smart device without the homeowner knowing. It should be noted that the Z-Wave S2 technology can be found in more than 100 million smart home devices, including light bulbs, locks, and alarms systems.

Z-Wave released a statement in response to the findings, saying it is confident its smart devices are secure and not vulnerable to threats.

“The key can only be intercepted during the pairing of the device to the network,” according to the post. “This is only done during the initial installation process, so the homeowner or installation professional would be present when the interception would be attempted, and they would receive a warning from the controller that the security level had changed.”

The makers of Z-Wave technology, Silicon Labs, further clarified in an email to Digital Trends.

“To do this, the bad actor either has to be in close proximity during the very brief time it takes to pair a device (we’re talking milliseconds) or have advanced equipment that has enough battery life to wait long enough for this event to occur at the home,” a spokesperson noted. “And again, the homeowner would know because of the alert. There are specific, coordinated conditions needed to initiate this type of threat and because of this there has not been a real-world instance reported to date,” the company said. “Any Z-Wave device that is already installed and paired is not vulnerable to threat.”

Kayla Matthews
Kayla Matthews
Former Contributor
Kayla Matthews has written about smart homes and technology for Houzz, Dwell, Curbed and Inman. She is a senior writer for…
Topics
Beyond the Boundary Wire: How Yardcare and the New N1600PRO are Leading the Robotic Mower Revolution
With automated routes and advanced mapping, Yardcare N1600 PRO robot lawn mower is made to meet modern lifestyle with smart precision.
Grass, Lawn, Plant

The weekend morning dread is a real situation, and homeowners know it pretty well. I've often woken up with the realization that the next few hours will be spent toiling with the hum of a petrol engine machine and hours of pushing a heavy mower around the yard. We’ve all been there, sweating under the sun, in our quest to achieve a green carpet that looks fine at best, but rarely ever achieves the work done by an expert. A fully automated solution should address all those problems, but finding a reliable one isn't a cakewalk.

The hassles of setting up boundary wire, mastering the navigation, and requiring constant manual supervision don't really sound like an autonomous dream. But tech is finally catching up, and one of its best specimens is Yardcare’s N1600PRO. The latest from Yardcare ensures that lawn care no longer means non-stop manual effort, but relaxed efficiency. If you're a homeowner who is increasingly leaning toward automation to take care of your yard space, Yardcare is here to help you make that smart shift with the N1600PRO.

Read more
Apple is reportedly sitting on new products because Siri AI isn’t ready
Inventory shortages suggest launches are near, but delays tell a different story
Apple HomePod Featured

Apple might have new products ready to go, but it’s just not launching them yet. According to a recent report from Bloomberg, inventory for devices like the HomePod, HomePod mini, and Apple TV is running low across Apple Stores globally.

Normally, that’s a clear sign that refreshed models are around the corner. But this time, there’s a twist. Apple is reportedly holding back releases because its next-generation Siri and AI features aren’t ready yet.

Read more
Google Home update soups up Gemini and fixes frustrating papercuts
The latest Google Home update speeds up Gemini, adds new languages, and fixes recurring annoyances to make voice control smoother and smarter.
Gemini for Home devices

Google is rolling out a fresh update for the Google Home app that makes Gemini a lot more useful in day-to-day use, while also addressing several small but frustrating issues that have been holding it back. The new release follows an update from earlier this month that also brought performance improvements and bug fixes for Gemini's smart home voice controls.

What's new with Gemini for Home?

Read more