The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.
The attack —codenamed Z-Shave— relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard.
The problem, as security researchers from Pen Test Partners have explained this week, is that all S0 traffic is secured by default with an encryption key of "0000000000000000."
An attacker that can trick a smart device into pairing with another device, a PC, or a smartphone app via the older S0 standard, can later decrypt all traffic exchanged between the two because the decryption key is widely known.
The Pen Test crew say they identified three methods that can be used to trick two devices into pairing via the old S0 instead of S2, even if both support the newer security standard.
Z-Shave attack is pretty dangerous
The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property.
While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others —such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation.