If you are interested in security, you might already know Steve Gibson’s podcast “Security now”. You might not agree with all of his opinions, but he collects quite a lot of information what’s happening in computer security. Make sure you understand what part of the podcast is advertisement and what is real information – as it is not always obvious.
At the latest episode, Steve has a look at an attack to Z-Wave that had been shown recently. As the podcast is always long, you should skip to 1:41 (minute 101).
Steve has some valid points against Z-Wave. Especially the fact that most of the standard isn’t publicly available means that there can be flaws in the design or the system that can’t be easily corrected. However, if you look at the presentation the podcast if referring to, you will see that the guys did not break the Z-Wave encryption. It just wasn’t available in the network they hacked into as it isn’t widely used today.
Does this mean Z-Wave is secure? Not really, but it also doesn’t mean that Z-Wave is insecure in general. We just don’t know yet how secure it is. Would I use it for a door lock? Most likely not. But it might be still a relatively inexpensive choice for some non-critical functionalities.
- Breaking Bulbs Briskly By Bogus Broadcasts: https://github.com/AFITWiSec/EZ-Wave/blob/master/ShmooCon2016_presentation.pdf