Z-Shave Attack Could Impact Over 100 Million IoT Devices
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices. The attack —codenamed Z-Shave— relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard. An attacker that can trick a smart device into pairing with another device, a PC, or a smartphone app via the older S0 standard, can later decrypt all traffic exchanged between the two because the decryption key is widely known.
The Pen Test crew say they identified three methods that can be used to trick two devices into pairing via the old S0 instead of S2, even if both support the newer security standard. The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property. While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others —such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation.
But in a blog post published on the same day Pen Test researchers published their work, Silicon Labs, the company behind the Z-Wave protocol downplayed the issue. The main criticism of the Z-Shave attack was that an attacker had a very very short time window to execute his attack. But Pen Test Partners dispute this latter claim, saying this is not actually an inconvenience.