Over 100 million Internet-of-Things (IoT) devices from thousands of vendors are vulnerable to a downgrade attack that permits the hackers to attain unauthorized access to your devices. This issue which was discovered by a team of researchers lies in the implementation of Z-Wave protocol. This protocol which is primarily used for home automation devices is a wireless, radio frequency (RF) based communications technology to communicate with devices up to 100 meters.
Z-Wave protocol was designed to provide an easy process to set up pairing and remotely control appliances such as lighting control, security systems, thermostats, windows, locks, swimming pools and garage door openers that can be used at a distance of up to 100 meters.
The latest security standard for Z-Wave, called S2 security framework, uses an advanced key exchange mechanism, i.e., Elliptic-Curve Diffie-Hellman (ECDH) anonymous key agreement protocol, to share unique network keys between the controller and the client device during the pairing process.
Z-Wave was developed by Zensys but is now owned by the Silicon Labs who have made it mandatory for certified IoT devices to use the latest S2 security standard even though millions of smart devices still support the older version of pairing process, called S0 framework, for compatibility.
S0 standard was vulnerable to a critical fault in 2013 because it used an encryption key (i.e. 0000000000000000) to protect the network key, that allowed the attackers within the range of the targeted devices to interrupt the communication. The S0 decryption attack was first exposed by the cybersecurity consulting company SensePost. But it wasn’t considered as a serious issue by the Silicon Labs
On analysis the team of security researchers from UK-based Pen Test Partners found that those devices which support both versions of key-sharing mechanisms could be forced to downgrade the pairing process from S2 to S0.
The downgrade attack which has been dubbed as Z-Shave by the researchers makes it easier for an attacker in range during the pairing process to intercept the key exchange and obtain the network key to command the device remotely.
This vulnerability was found while comparing the process of key exchange using S0 and S2, as the node info command which contains the security class is being transferred unencrypted and unauthenticated, thereby letting the attackers to intercept spoofed node command without setting the security class.
The researchers Ken Munro and Andrew Tierney have demonstrated how an attacker could unlock a door by using a Conexis L1 Smart Door Lock, a flagship product of British company Yale that ships for $360. They succeeded by degrading its security and ultimately steal the keys and get permanent access to the lock, and from there to the building protected by it even without the knowledge of the user.
Silicon Labs have posted on their blog in response to the Pen Test Partners’ findings on Wednesday, saying the company is confident its smart devices are secure and not vulnerable to such threats.
It was reported in the blog that “S2 is the best-in-class standard for security in the smart home today, with no known vulnerabilities, and mandatory for all new Z-Wave products submitted for certification after April 2, 2017.”
The company claims that after the adoption of S2 framework across the ecosystem, the issue existed in Z-Wave for providing backward compatibility, so that S2 devices can work in an S0 network (and vice versa). They also said that there are procedures to notify and alert their users when secure devices connect to networks using downgraded communications. However, the IoT device manufacturers does not provide any user interface to show such alerts and so the users do not become aware of this attack.