Z-Shave

The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.

The attack —codenamed Z-Shave— relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard.

The problem, as security researchers from Pen Test Partners have explained this week, is that all S0 traffic is secured by default with an encryption key of "0000000000000000."

An attacker that can trick a smart device into pairing with another device, a PC, or a smartphone app via the older S0 standard, can later decrypt all traffic exchanged between the two because the decryption key is widely known.

The Pen Test crew say they identified three methods that can be used to trick two devices into pairing via the old S0 instead of S2, even if both support the newer security standard.

Z-Shave attack is pretty dangerous

The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property.

While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others —such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation.

Z-Wave maker plays down attack's importance

But in a blog post published on the same day Pen Test researchers published their work, Silicon Labs, the company behind the Z-Wave protocol downplayed the issue. The main criticism of the Z-Shave attack was that an attacker had a very very short time window to execute his attack.

"You would need advanced equipment in proximity to the home during the short installation process," a Silicon Labs spokesperson said.

"When installing a new device there is a very small window of time (milliseconds) to force the S2 to S0 reversion," he added. "The homeowner or professional installer will always be present during installation and is the only one who can initiate the inclusion process."

But Pen Test Partners dispute this latter claim, saying this is not actually an inconvenience.

"When we say active attacker – we don’t mean a guy in a hoody sat in a car with a laptop," said Pen Test's Andrew Tierney. "A battery-powered drop-box could be left outside the property for weeks, waiting for a pairing event to occur."

Tierney later added on Twitter that an attacker could also deploy a denial-of-service flaw against a targeted device to force it offline and trick the owner into re-pairing it at the attacker's convenience.

But Silicon Labs also claimed that the Z-Shave attack would also be hard to pull off because any time the devices would pair via S0 instead of S2 "the smart home controller or gateway will ALWAYS notify the user if S2 is reverted to S0 during the installation process."

Nonetheless, this claim was proven to be wrong in a demo video recorded by the Pen Test team, where researchers didn't receive any alert.

This issue can't be ignored for much longer because Z-Wave's popularity is growing among IoT device makers due to its superior range when compared to Bluetooth, being capable of interconnecting devices at distances of up to 100 meters. The protocol is believed to have been deployed with over 2,400 smart device models and in use by over 100 million devices.

More news articles and attention given to the Z-Shave attack might be the push that some device makers need to switch to the newer and more secure version of the protocol.

UPDATE: We've removed a part of this article after Silicon Labs has edited its initial official response.

Related Articles:

Remote Code Execution Flaws Found in FreeRTOS - Popular OS for Embedded Systems

WordPress Security Patch Addresses Privacy Leak Bug

Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Adobe Flash Player Update Released for Remote Code Execution Vulnerability