Z-Shave - a downgrade attack against the latest Z-Wave security standard
In Summary : Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices (‘no...
https://updatesinfosec.blogspot.com/2018/05/z-shave-downgrade-attack-against-latest.html
In Summary :
Z-Wave uses a shared network key to secure traffic. This key is
exchanged between the controller and the client devices (‘nodes’) when
the devices are paired. The keys are used to protect the communications
and prevent attackers exploiting joined devices. The earlier pairing process (‘S0’) had a vulnerability – the network
key was transmitted between the nodes using a key of all zeroes, and
could be sniffed by an attacker within RF range. This issue was documented by Sensepost in 2013. We have shown that the improved, more secure pairing process (‘S2’) can be downgraded back to S0, negating all improvements. [...]
kindly refer the following link as follow up :
https://ift.tt/2GGI3Qx
Z-Wave uses a shared network key to secure traffic. This key is
exchanged between the controller and the client devices (‘nodes’) when
the devices are paired. The keys are used to protect the communications
and prevent attackers exploiting joined devices. The earlier pairing process (‘S0’) had a vulnerability – the network
key was transmitted between the nodes using a key of all zeroes, and
could be sniffed by an attacker within RF range. This issue was documented by Sensepost in 2013. We have shown that the improved, more secure pairing process (‘S2’) can be downgraded back to S0, negating all improvements. [...]kindly refer the following link as follow up :
https://ift.tt/2GGI3Qx
