Security issue in z-wave !????

Hello everybody,

i have a question about the security of z-wave.

Don’t you think that it’s a problem if i come to your house and exclude your devices
and controllers from your network using my Remote which doesn’t know your network,
without any trust informations ?

If i understand z-wave right it is possible to exclude a device from a network using just the
exclude command of a device which is not connected to any network.

For me and official buildings i think this is a very big security issue…

Please tell me your thoughts.

Thanks, Gig.

I do not think that this is possible. In order for you to exclude a device, it first needs to be included. It should not be possible for you to exclude it from my network if you do not have it included.

You may even be able to exclude from your remote, but you would not be part of my network and could not exclude from me.

If you are able to activate the include/exclude button on the device, I have a problem.

But it is not possible to activate it logical on any Z-Wave device, I have tried. It is always a physical button.

Hence no security issue.

@bennynations

You can reset a Z-Wave device by excluding it. It doesn’t need to be on your network to do that.

unless you can get close enough to each device and press the button then your not going to accomplish anything.

If your in my house, with malicious intent, I’ve got far more problems than someone controlling my Z-Wave devices. Yes, anyone can get a remote, and exclude my devices and include them to their remote, but you have to physically press the button and be in close proximity to the device. If you have physical access, you could remove the light switch and replace it with one of your own if you wanted.

Z-Wave isn’t really designed for commercial applications. It is meant more for residential applications where the general public does not have access to the devices. Also, the next best defense is not to attach Z-Wave control to devices that are dangerous for wireless control. If someone turns on or off my lights, or changes my thermostat setting, it would be annoying, but not dangerous.

@mikemsd
Sure. Your lights would be annyoing. What about your garage ?
Your door lock ?

I can’t understand how z-wave is goning to get a real standard if such problems could exists ? I’m not paranoid but looking forward to get new light switches, door locks, coffie makers controlled by z-wave. But do you really think that new devices are going to be designed if it’s so easy to disturb such networks ?

The z-wave technologie uses a interesting routing protocol. So the distance between sender and receiver could be more than 30ft if other devices are between them in the network. So i don’t need to be in your house to disturb your z-wave network.

I’m new to z-wave and spend hundreds of euros to get my home controlled by z-wave. I believe that z-wave is a real and cost efficient solution compared to other home automation systems. I don’t want to scare anybody but i want to improve the technologie to get a real chance to use it in future.

Greeting, Gig.

Are you saying that someone else could actually pair with my Schlage lock?? It seemed almost impossible for me to do it…and the unpair process had to happen. It only will unpair what it was paired to.

@bennynations
your right. I should only be able to unpair or disconnect the device.

About schlage lock i don’t have any experiences how easy it could be.

This thread is only to discuss a possible problem…

I will not say that it’s a problem for your use of z-wave.

Gig.

@bennynations

I don’t know the locks. I am in EU. :slight_smile: But other Z-Wave devices will exclude, even if not included. A door magnet will.

@Gigulon.

The include/exclude process don’t work as the rest of the network. You need to be very near the device, you what to exclude.

And I have never tried anything encrypted, Hence I don’t know if a encrypted device will exclude.

[quote=“Gigulon, post:7, topic:166577”]@mikemsd
Sure. Your lights would be annyoing. What about your garage ?
Your door lock ?[/quote]

I don’t use Z-Wave to control my garage, however, even if I did, the issue again becomes, how did the untrusted person access my garage to reprogram my Z-Wave controller? The issue exists with all wireless devices. With a traditional garage door opener, they could just add a universal remote with the program button on my opener. Z-Wave here does not introduce any issues that didn’t already exist with giving an untrusted person access to spaces that should be closed to the public.

Same thing with the door lock. Why are they in my house to access the controls to reprogram my door lock. I do not own a Schalge or Kwikset lock, however, I would imagine the program buttons would be either on the inside, or you would need a PIN to access the programming button. Again, if the person is inside, then my security is already breached. That person could just rekey my old style lock, or inspect the cylinder and determine the key pattern to have one cut for the door.

If you’ve lost control of the physical access to the devices, all bets are off.

EDIT: spelling fix.

Have you read this?
http://wiki.micasaverde.com/index.php/Security_Concerns