Author Topic: Defcon blackhats look at Home Automation targets  (Read 8383 times)

Offline hightop32

Defcon blackhats look at Home Automation targets
« on: August 08, 2011, 02:30:10 pm »
http://www.wired.com/threatlevel/2011/08/hacking-home-automation

i noticed the small mention about z-wave... does anyone know more about this.. could it be the schlage lock they are talking about? 

Offline Henk

Re: Defcon blackhats look at Home Automation targets
« Reply #1 on: August 08, 2011, 02:37:04 pm »
@hightop32

Since mainly X10 is mentioned
Quote
The tools, which they’re releasing to the public, include the X10 Sniffer to determine what’s connected to the power network and monitor what the devices are doing, and the X10 Blackout, which can jam signals to interfere with the operation of lights, alarms, security cameras and other devices.

And the mentioning of ethernet over existing power lines in buildings, this seems to be a hack on earlier X10 based home automation.

Since Z-wave radiowave technology has been introduced things are a bit different. Especially with the communication from and to locks that is encrypted.

Hope that answers your question a bit.

Henk

--edit--
Quote
Kennedy, aka Rel1k, and Rob Simon, aka Kc57, spent two months researching and designing their open-source tools to conduct the hacks. The tools focus on home-automation systems that are based on the X10 protocol, which doesn’t support encryption. They also looked at the ZWave protocol, which does support AES encryption, but the one device they found that was using it, implemented the encryption incorrectly – the key exchange was done in the clear so an attacker could intercept the keys and decrypt all of the communication.

Does mention zwave technology but not the device in question.
Maybe someone else can elaborate on that!

« Last Edit: August 08, 2011, 02:38:54 pm by Henk »
| Vera2 @ UI4 1.1.1350 / 3.20 | Vera Lite @ UI5 | Vera 3 @ UI5 | 2x Merten  504519 | 1x Duewi  064374 | 1x Everspring SM103 doorbell mod |1 Y-cam IP cam | various LUUP plugins |

Offline hightop32

Re: Defcon blackhats look at Home Automation targets
« Reply #2 on: August 08, 2011, 07:10:54 pm »
understood. that is why i asked. i can only assume it's the schlage since it uses AES encryption. they mention the communication being encrypted, but the initial pairing shares the key that could be used to decipher the messages sent between the vera and the locks. god forbid these guys ever get a hold of a vera, the thing would be blown wide open! we know how fragile and insecure it is on the local lan. much easier to attack the controller than the module communications!

Offline shady

Re: Defcon blackhats look at Home Automation targets
« Reply #3 on: August 09, 2011, 08:34:54 pm »
I saw the link posted here:

http://hackaday.com/2011/08/08/home-automation-systems-easily-hacked-via-the-power-grid/

I find it funny, as some of the commenters do, that they worked on proving X10 was insecure; well, it was developed before security was an issue and it doesn't have any AFAIK. Stupid waste of time as we all know it is possible for you to turn on your neighbor's X10 lights if the conditions are right, and this is easily fixed with a filter in the panel (exterior electrical outlets may be an issue, though).

The Z-Wave information is the interesting part and they don't tell you anything, or at least Wired doesn't.  Is this device passing the key in the clear during inclusion (who cares then) or during every communication?  I am still not worried about this kind of thing because I am a firm believer that any thief will take the path of least resistance (break or jimmy window or sliding door... easy) and not the most technologically advanced path (let me wait for my laptop to boot, darn USB cable always in the way, damn I lost my signal... difficult).
« Last Edit: August 09, 2011, 08:38:06 pm by shady »
Vera3 1.5.346, Schlage (3)DB (2)Lever, Kwikset (1)Lever, RCS TZ43 Thermo, (2) Vizia RZI06-1LX 600W Dimmers, (17) Monster (Leviton) Dimmers (6) Monster (Leviton) IWC Scene Controllers (1) Etherrain-8, (3) HSM 100's (1)GE 3-Way set

Offline DA INFERNO

Z-Wave Hackers!
« Reply #4 on: August 10, 2011, 11:26:59 pm »

Offline hightop32

Re: Z-Wave Hackers!
« Reply #5 on: August 10, 2011, 11:51:35 pm »
Quote
http://www.cepro.com/article/home_automation_systems_easily_hacked_via_power_lines/
This does not look good! :o

No it really doesn't. it looks like the 'author' of this 'article' Jason Knott, just basically copied and pasted everything from the wired article (less actually), including the image. DAYS after the fact even.

edit: merged thread
« Last Edit: August 11, 2011, 12:00:09 am by hightop32 »

Offline guessed

Re: Defcon blackhats look at Home Automation targets
« Reply #6 on: August 10, 2011, 11:54:51 pm »
@hightop32,
I merged the conversations together, since they were basically posting about the same 'event'...

Offline hightop32

Re: Defcon blackhats look at Home Automation targets
« Reply #7 on: August 10, 2011, 11:56:11 pm »
Quote
The Z-Wave information is the interesting part and they don't tell you anything, or at least Wired doesn't.  Is this device passing the key in the clear during inclusion (who cares then) or during every communication?  I am still not worried about this kind of thing because I am a firm believer that any thief will take the path of least resistance (break or jimmy window or sliding door... easy) and not the most technologically advanced path (let me wait for my laptop to boot, darn USB cable always in the way, damn I lost my signal... difficult).

I hope it's only during pairing! That's the only thing that makes any sense. The real issue here isn't whether they could throw a rock into your window, but imagine owning/having access to a 'botnet' of homes at your control remotely. a scripted/automated attack scanning for the already known limitations and bugs/workarounds in vera (again particularly its weak security on the local lan) could lead to some serious problems. I mean we've already learned there are people/machines targeting the vera central servers. some [profanity redacted] out there just want to cause disruption, not necessarily physically steal your stuff.
« Last Edit: August 11, 2011, 10:32:50 am by JOD »

Offline hightop32

Re: Defcon blackhats look at Home Automation targets
« Reply #8 on: August 10, 2011, 11:59:00 pm »
Quote
@hightop32,
I merged the conversations together, since they were basically posting about the same 'event'...

word.  that jason knott guy still sucks though.   ;)

Offline hightop32

Re: Defcon blackhats look at Home Automation targets
« Reply #9 on: August 13, 2011, 12:56:33 pm »
soooo how vulnerable are these zwave devices to having commands sent to them from a 'spoofed' vera?  i understand the inclusion process, but could someone with the proper equipment fool a device into thinking the command came from its primary controller?  what stops this?

Offline JOD

Re: Defcon blackhats look at Home Automation targets
« Reply #10 on: August 13, 2011, 01:21:02 pm »
Quote
soooo how vulnerable are these zwave devices to having commands sent to them from a 'spoofed' vera?
Depends on what you mean by vulnerable.
By happenstance?
As an example, what are the chances that someone has the same front door key as you? Probability ~1 in 1,000,000
Chances of someone having the same Z-Wave home ID as you? 1 in 2,821,109,907,456

Quote
could someone with the proper equipment fool a device into thinking the command came from its primary controller?
Yes.

JOD.

I'm sorry, my responses are limited. You must ask the right questions.

Offline suretyDIYchick

Re: Defcon blackhats look at Home Automation targets
« Reply #11 on: March 17, 2014, 11:48:31 am »
It's definitely not the Yale lock. And I don't think it's as large a problem as it's been made out to be. This article from Ryan Boder discusses why the blow up has been an overreaction - http://suretycam.com/can-hackers-unlock-my-z-wave-door-lock/

Hope that makes z-wave lock owners feel better. I know I feel very secure with my integrated z-wave lock.

Offline AgileHumor

Re: Defcon blackhats look at Home Automation targets
« Reply #12 on: March 17, 2014, 12:39:07 pm »
Quote
It's definitely not the Yale lock. And I don't think it's as large a problem as it's been made out to be. This article from Ryan Boder discusses why the blow up has been an overreaction - http://suretycam.com/can-hackers-unlock-my-z-wave-door-lock/

Thanks for sharing, this makes me feel better after hearing the hype on this a few months ago.
WMC Leviton:18xVPE06,8xVRS15,3xVRP03-W,2xVRR15,4xVRCS4,2xVRCS2,VP00R,8xVRS15 Aeon:5xDSC06106,4xDSC24,4xDSC25,12xDSB29,2xDSC11,4xDSB54,DSB05,3xDSA22,DSA38,2xDSA03202B,DSB09104,HEM Other:3xYale,12xHSM100v3,7xSP103,45604,WDHA-12,SSA2USR,EVLCD1T,6xWWA02A,7xIPC-HFW2100,URTSI,Hue,Russound,OpenSprinker

Offline aaronsquire

Re: Defcon blackhats look at Home Automation targets
« Reply #13 on: March 17, 2014, 01:03:31 pm »
Locks only keep an honest person out anyways. If someone wants in they can get in, don't think they will go through the trouble of hacking into my vera to unlock my door. Would be annoying for some hacker to start messing with my stuff but one can also isolate themselves from the outside world by unplugging the ethernet cord.
Thanks!