We are at Black Hat 2013 this week and have seen some really cool hacks. Today, we saw “Honey, I`m Home!! Hacking Z-Wave Home Automation Systems” presented by Behrang Fouladi and Sahand Ghanoun. They demonstrated how easy it is to unlock someone`s house with a laptop and a sub-$75 radio card. While you can encrypt your data and add protections to prevent packet replay, if you assume the other end is always friendly you can have a problem.
The Z-Wave protocol uses a pre-shared key to encrypt a proper random number for use as the key for AES encryption of the connection. Teasing the pre-shared key out of the devices wasn`t interesting to the researchers. They found an easier method.
The demo involved forcing a controllable dead-bolt lock using the protocol stack to rekey with a new home-controller: a human sitting at a laptop with a cheap radio. Once the dead-bolt rekeyed, it accepted the human`s unlock command and opened the door.
Public-key cryptography can solve this problem. Providing a method for your home automation equipment to trust each other will give you the physical security you desire with your dead-bolt locks.
wolfSSL provides public-key authentication with industry standard bulk encryption in a small package. Please contact us today for more information.