Ransomware and Your Smart Home – The Security of Z-Wave

Smart home technology is all around us, but what’s the security of Z-Wave, the wireless communications protocol that drives the inter-connectivity of your devices? 

The world around us is changing by the second. Innovation in wireless connectivity and the protocols that allow devices to talk to each other is what makes smart homes a reality.

Home automation lets you automatically unlock your door the moment you are in front of it. With a simple tap on an app on your smartphone, the lights in your room can change color depending on your mood. The possibilities are virtually endless.

Nevertheless, the inter-connectivity of each and every device you use in your home opens the doors to a debate with regard to one’s personal security and privacy.

As we recently saw, a global world-wide hacking attack can target hundreds of thousands in mere minutes out of nowhere. In just a few weeks WannaCry became the biggest threat for personal computers and devices and it continues to evolve.

If encrypting the files on your laptop for a ransom seems like big enough of a threat, who’s to say that the next target won’t be your home? What’s more, the attack was carried out via an exploit in Windows and today there are even talks of Linux ransom-ware.

Having in mind that Windows has been around since 1985, while the first version of Linux was released in September, 1991, who’s to say that the much newer wireless protocols don’t have a backdoor of their own?

Let’s discuss the matter taking a look at what’s considered to be the most secure home automation wireless protocol.

What’s Z-Wave?

Z-Wave is a proprietary wireless communications protocol developed by Danish startup called Zensys. Initially released in 2005, the home automation protocol gained traction due to its stability, security, low power consumption and ease of installation. Among its other benefits, Z-Wave is affordable for both manufacturers and end-consumers, resulting in a huge ecosystem of interconnected devices.

Regular smart home enthusiasts have probably already heard of the protocol. If you haven’t you might also want to check out our full Z-Wave detailed overview. But, no matter whether you are a fully fledged DIY home automation guru or just want to ensure that Alexa won’t turn her back on you, the issue persists.

Smart devices are all around us and they use the internet as much as we do. What’s more, locking the devices in your house might seem like enough of a threat, but what if we told you that Z-Wave connected light bulb can actually be hacked to explode? Can a hacker take control of your life?

The Security of Z-Wave in Smart Home Devices

Z-Wave can be found in over 1,200 home automation devices and while some prefer ZigBee or even Bluetooth LE, the go-to choice of most enthusiasts is in fact Z-Wave. From thermostats to smoke detectors, the wireless communications protocol lets the smart devices in your home easily communicate with each other. The protocol is also popular for use in the IoT sector, most notably in wireless sensor networks.

The Security of Z-Wave shown via Protocol Layers
The Protocol Layers that make up the security of Z-Wave Protocol || Original Image by SensePost UK Ltd.

Implemented in numerous infamous solutions, Z-Wave is considered to be one of the most secure protocols currently available. This is primarily due to the encryption algorithms and the specifications of the authentication header, combined with the data origin and the frame format and architecture of the protocol.

Primarily, the security comes from the security layer of Z-Wave transmitters that includes the MAC address and encrypts the transmitted data. What’s more, when pairing a device the wireless protocol has a specific syncing procedure where a network key allows for communication is shared between devices.

Nevertheless, this networking layer and the process of pairing devices is exactly the place where a hacker can strike.

Usually, this is done by backwards engineering the transmitter and exploit the package sending process by impersonating a paired controller with the shared network key.

Although no specific cases of Z-Wave security exploits were publicly known, a thing ZigBee and X-10 weren’t able to boast about, before long two enthusiasts were able to show just how easy this could be done.

The Z-Wave Smart Door Lock Hack

Earlier in 2016, Joseph Hall and Ben Ramsey tested as much as 33 different Z-Wave devices with regard to their security. Presented via a talk at the 2016 Shmoocon, a hacker convention, the two guys managed to show just how easy it is to hijack a Z-Wave device.

During the talk itself, Joseph and Ramsey demonstrated the hijicking of different Z-Wave devices. They did so by using two HackRF One units, a device used for multiple connection purposes. According to the duo’s tests, out of the 33 units, only nine used actual encryption.

One of the most notable parts of the talk and their tests is that only five out of the eight door locks they tested had such encryption. Nevertheless, while this might bring the security of Z-Wave protocol in smart lock into question, the fact of the matter is that the other three locks did have encryption, which a user could enable and configure at their own liking.

What’s more, the now infamous hack at Shmoocon only ended up showing the importance of encryption in the device manufacturing process itself. This means that as long as the manufacturers manage to do everything properly, Z-Wave is secure enough to hold up to any hacks.

Improvements in the Security of Z-Wave Protocol

Earlier this year, the Z-Wave Alliance decided to take a further stance on the issue of security. After a vote in November of 2016, this April a mandatory security implementation was issued in order for all Z-Wave certified devices.

Called Security 2 (S2), the framework is considered to be one of the most advanced security options for smart home devices. Mitchell Klein, an executive director of the Z-Wave Alliance, stated that they are committed to making the Z-Wave ecosystem the safest one on the market. He went to further mention that they ensure the safety by working with service providers, developers, manufacturers and consumers alike.

Developed in conjunction with cyber-security experts, the new Z-Wave S2 framework aims to secure the communication between devices and the communication between devices and the cloud.

An interesting part of the improvement of the security of Z-Wave comes from the fact that new devices will now use physical means to further ensure safety from hackers. The means will come in the form of stickers or prints found on the devices themselves that feature a unique QR or Pin-Code to serve as an additional step in the authentication and pairing process.

The cloud-based security of the Z-Wave S2 framework comes from the implementation of TSL 1.1 tunneling during the Z/IP traffic. Further, the man in the middle and brute force hacks, such as the ones used in the Shmoocon hacks, were made virtually impossible via a secure key exchange using ECDH.

What does it all mean for the safety of your smart home?

As of now, there are no known exploits of the Z-Wave wireless communication protocol. What’s more, most are terrified for the security of their smart devices due to exploits, such as the one found in Windows mentioned earlier. The situation with the safety of Z-wave devices is relatively different.

Software developers and hardware developers alike, tend to go the further mile to ensure the security of your smartphone and laptop. However, the ecosystem of the inter-connectivity of smart home devices is much different than an OS.

First and foremost, Z-Wave is a transmitter and a wireless protocol for a reason. Much like web browsers like Chrome tend to communicate with serves via a secure SSL encryption, the devices in your home use Z-Wave and the encryption it provides to communicate with each other.

What’s more, the Z-Wave over IP connection that allows your smart home gadgets to communicate with the cloud has a level of security of its own.

Of course, that isn’t to say that there won’t be an exploit in the protocol found in the future. With Heartbleed, we learned that even what we cherish as most secure can be vulnerable to attacks.

Nevertheless, any scares you might have for the security of Z-Wave devices after the ransom-ware attacks has no basis. At least sort-of. 

Ensuring the Security of Z-Wave Devices in your Home

You see, the security of the Z-Wave ecosystem as a whole relies not only on the Z-Wave Alliance and the protocol itself, but also on the manufacturer of the device. As shown with the Shmoocon example, the hacking enthusiasts used breaches in the security of manufactured devices, not the protocol itself.

The Z-Wave Alliance does show a dedication towards security and with the latest mandatory Z-Wave S2 standards, manufacturers now must have proper safety measures to be granted the seal of approval.

This further shows that in the future, your Z-Wave smart home devices will be safer and more secure than ever before.

Nevertheless, you must also be aware of a possible security breach and ensure that you take the extra measures to protect your smart devices. Before buying, make sure to check whether or not the manufacturer has taken any steps to further ensure the security. When setting up a device, go to see if the encryption Z-Wave provides you with isn’t simply an opt-in one. Ensure that everything is paired correctly.

In the world where ninety percent of what we do passes through the online cloud, safety and security should be our top priority. Nevertheless, much like we can’t be physically safe to an extent of one-hundred percent, our technology can never be unbreakable. At this point, the security of Z-Wave protocol is as good as it basically gets. What’s more, the Z-Wave Alliance ensures to take further measures to ensure that manufacturers follow suit towards achieving a safer ecosystem.

Still, most of the time, we are the creators of our own doom. Accepting Terms and Conditions without reading them and opting-in on data collection without second-guessing the service provider, we trade our safety for comforts. In politically divided times, even Net Neutrality might be at a risk. We are not trying to be mean or scare you. We just want to put an emphasis on the fact, that there are much bigger threats to our online safety we should consider, than the security of Z-Wave protocol and our smart home devices.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.