Crushing the Wave -- new Z-Wave vulnerabilities exposed
This exposes security flaws in smart home systems, posing risks for users and manufacturers, but is incremental as it builds on known protocol weaknesses.
The paper tackles vulnerabilities in the Z-Wave protocol by describing two denial of service attacks using modified unencrypted packets, which can block a gateway's communication and disable the entire connected network.
This paper describes two denial of service attacks against the Z-Wave protocol and their effects on smart home gateways. Both utilize modified unencrypted packets, which are used in the inclusion phase and during normal operation. These are the commands Nonce Get/S2 Nonce Get and Find Nodes In Range. This paper shows how both can be manipulated and used to block a Z-Wave gateway's communication processing which in turn disables the whole Z-Wave network connected to it