Z-Wave downgrade attacks: 100 million IoT devices are affected

Pen Test Partners, a UK-based network security company focused on penetration testing and security services, recently issued a warning that even with advanced encryption solutions, more than 100 million IoT devices provided by tens of thousands of suppliers are vulnerable to “Z- Wave downgrades the impact of the attack, which can cause an attacker to gain unauthorized access to the user’s device.

Z-Wave is a wireless communication protocol for home automation with a simple structure and reliable performance. It was developed by Zensys, a technology company located in Copenhagen, Denmark in 2001. US company Sigma Designs completed the acquisition of Z-Wave at Sigma Designs and announced on the 4th and 18th of this year that the Z-Wave business will be sold to Silicon Labs (also known as “Core Technology”) for US$240 million.

Wireless networks built on Z-Wave technology are often used for communication between home appliances and devices, allowing users to wirelessly control home appliances and other devices through local network devices or the Internet, such as lighting systems, security alarm systems, thermostats, smart locks and garage door openers, etc.

Ken Munro and Andrew Tierney, two security researchers from Pen Test Partners, pointed out that the latest security standard used by Z-Wave is called the S2 framework, which uses an advanced anonymous key protocol, namely the elliptic curve key exchange mechanism. (Elliptic-Curve Diffie-Hellman, ECDH), which shares a unique network key pairing process between the controller and the client device.

Off-the-shelf smart devices

After Silicon Labs took over the Z-Wave business, they forced the certified IoT devices to use the latest S2 framework because the previous S0 framework had been confirmed in 2013 as a security risk. The S0 framework uses a hard-coded encryption key (ie, 0000000000000000) to protect the network key, which allows an attacker to intercept traffic within the target device and this vulnerability is completely resolved in the S2 framework.

Munro and Tierney found that many IoT devices still support insecure S0 frameworks, and their purpose is to achieve compatibility. But they said that devices that support both frameworks at the same time are likely to be forced to downgrade the pairing process from S2 to S0 and name this downgrade attack technology “Z-Shave.”

 

The researchers explained that the node info command that contains the security class is completely unencrypted and has not been authenticated, allowing the attacker to allow interception or spoofing of commands without a security class node. This makes it easy for an attacker to intercept key exchanges within a certain range of the pairing process and obtain a network key that can remotely control the device.

Two researchers tested the Conexis L1 smart lock during the experiment. This is a smart lock produced by the British company Yale. The test results confirmed that they were able to steal the key and gain permanent control over the smart lock.

 

The researchers emphasized that we should focus our attention on the insecure S0 framework and the Z-Shave downgrade attack technology, not just the Conexis L1 smart door lock. According to related data, as of April 18 this year, a total of 2,400 suppliers of IoT devices used Z-Wave chips, covering a range of products such as door locks, lighting, heaters, and household alarms, while the number of products It may reach more than 100 million units.

In a blog post published last week, Silicon Labs confirmed the results of the Pen Test Partners research company but said that this downgrade attack is almost impossible to achieve in practice. Because initiating an attack requires the attacker to physically approach the device during the pairing process. Pairing is done during the initial installation or reinstallation and needs to be done by the device owner or the installation professional, which means that the device owner is trying to attack. Will definitely be at the scene.

Silicon Labs stated that although attacks are difficult to achieve in practice, they still attach great importance to reports submitted by partner companies. Completely replacing the S0 framework with the S2 framework cannot be completely implemented in the short term, because it needs to solve the compatibility problem.

Share