More Than 100 Million IoT Devices Vulnerable to Z-Shave Downgrade Attack

Internet of things (IOT), devices and connectivity concepts on a network, cloud at center. digital circuit board above the planet Earth.

Bitcoin rising and falling in financial business market concept with charts.

The security aspect of the devices being run in the Internet of Things (or IoT) has been a matter of concern in the trade but now, demonstrable evidence has surfaced through research done by an agency named Pen Test Partners.

They have found that the Z-Wave communication protocol (S2), developed by the company Silicon Labs, can be downgraded to its previous version (S0), exposing the devices to a cyberattack.

A specific name, “Z-Shave,” has been given to this vulnerability. It is learnt that over 100 million IoT-based devices could be potentially affected by this vulnerability.

The Handshake Protocol Is at Risk

Explaining the security flaw in detail through an in-depth blog post and accompanying video demonstration, the researchers have pointed out that when two devices in a typical paired ecosystem have a handshake using the radio frequency under the Z-Wave protocol, though they may be running on the higher and improved level of security termed S2, the vulnerability triggers communication to them indicating that one of the devices may not be upgraded to S2. Then, both devices fall back to using the S0 protocol, and that is when they can be hacked into.

With regards to how this trigger happens, it is being clarified that the person with the intention to perpetrate the attack needs to be within the range of the radio frequency—which is usually around 100 meters or around 330 feet.

Even more worrying is the fact that the hacker need not be physically present to wait for the pairing to take place and mount the attack.

There are devices that operate on battery power and can last several days. Such a device can also be left on the roof or the garden of the targeted building or residence, and it will wake up as soon as the pairing protocol comes on and inform the remote attacker.

Sounds scary indeed.

Number of Devices at Risk Is Huge

As indicated above, it is possible there are over 100 million such IoT devices involved in the cyberattack. This is based on the information that around 2,400 different brands or models have used this Z-Wave security protocol in their devices, and this rough estimate cannot be wrong.

The real worry is that many of these devices relate to security products such as remote locking systems (like the ones used in garage doors), lighting control switches, and so on.

A lot of technology goes into building these products and the security in their communication network, particularly between the device and its controlling unit, is critical as far as the user is concerned.

Z-Wave Not Fully Convinced

Internet of things , iot , smart home , smart city and network connect concept. Human hand holding white phone and iot icon with city sunset view and earth furnished by NASA. background and wifi icons

The security aspect of the devices being run in the Internet of Things (or IoT) has been a matter of concern in the trade but now, demonstrable evidence has surfaced through research done by an agency named Pen Test Partners.

When the researchers posted the details of the vulnerability online, the company Silicon Labs, which supplies the Z-Wave technology, countered it in a blog post that said their S2 security protocol was quite safe and reliable.

It is pertinent to note that the version S0, which was in use earlier, was reported with the vulnerability way back in 2013 and that is the reason they developed the more secure S2 protocol.

Now, the device manufacturers may have to go back to their records to find which of their devices could still be running on the old S0. This is because the downgrade is made possible with the S0 being present in the ecosystem.

Silicon Labs could be quite valid in their argument that the devices being run exclusively on S2 may be safe, but what if they are paired with other devices which still have the legacy S0 Z-Wave protocol?

The company suggests that the users could be made aware of the risks to their devices. However, observers are quick to point out that many of these devices are quite simple and hardly any user instructions are passed on.

The device makers do have a problem on their hands if they wish to avoid any loss of their own reputation due to this security flaw in the communication protocol.

It cannot be denied that the device manufacturers will find it difficult to switch to any other source of technology as an alternative to Z-Wave. Possibly, none of the alternatives in the market, including Bluetooth, offer the RF up to a distance that Z-Wave does.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.