Home automation systems are a good way to create your own version of a smart house: they give you access from anywhere in the world to remotely control your lights, door locks, house temperature, electric appliances, water valves, alarm system and garage door, to open and close your shades and blinds, or even to turn on music and crank up the volume. With the Z-Wave wireless protocol for home automation, an attacker can turn pretty much all of those cool features against the homeowner. There will be several presentations about attacking the automated house at the upcoming Las Vegas hackers’ conferences Black Hat USA 2013 and Def Con 21.
Shodan, pretty much a search engine for hackers, can easily spot home automation devices. Since the home automation market is predicted to exceed $5.5 billion in 2016, this is a serious problem: having a smart house has become very trendy, and the underground community is ready, as always, to make some serious money.
Renowned hacker Bjorn Jensen from Cepro: “Today, I could scan for open ports on the Web used by a known control system, find them, get in and wreak havoc on somebody’s home. I could turn off lights, mess with HVAC systems, blow speakers, unlock doors, disarm alarm systems and worse.”
The Z-Wave wireless protocol is currently the big thing in home automation; according to the Z-Wave website, “over 700 interoperable products available, 12 million Z-Wave products worldwide. Supported by over 160 manufacturers and service providers throughout the world, and can be found in thousands of hotels, cruise ships, and vacation rentals; including 65,000 devices in the flagship Wynn Hotel in Las Vegas, NV.”
It is pretty easy to sniff the AES encryption keys while the devices are being initialized, and to inject packets. Basically, the key exchange is done in the clear, so an attacker could intercept the keys and decrypt all of the communication. So far almost no public security research has been done on the Z-Wave protocol, so this underground business will be gainful. A compromise can also give control over the physical world, resulting in discomfort, covert audio/video surveillance, physical access or even personal harm. If your door lock or space heater is compromised, you’re going to have a very bad day.
Zigbee and Z-Wave are the most commonly used RF technologies in home automation systems. Z-Wave is a proprietary wireless protocol that works in the Industrial, Scientific and Medical (ISM) radio band. It transmits on the 868.42 MHz (Europe) and 908.42 MHz (United States) frequencies and is designed for low-bandwidth data communications in embedded devices such as security sensors, alarms and home automation control panels. Z-Wave chips have 128-bit AES polycrypto engines, which are used by access control systems, such as door locks, for authenticated packet encryption. An open source implementation of the Z-Wave protocol stack, openzwave, is available, but it does not yet support the encryption part. During Black Hat USA 2013 and Def Con 21, presenters will show how the Z-Wave protocol can be subjected to attacks.