The Vera Community forums have moved!

Advanced => Security => Topic started by: hightop32 on August 08, 2011, 02:30:10 pm

Title: Defcon blackhats look at Home Automation targets
Post by: hightop32 on August 08, 2011, 02:30:10 pm
http://www.wired.com/threatlevel/2011/08/hacking-home-automation

i noticed the small mention about z-wave... does anyone know more about this.. could it be the schlage lock they are talking about? 
Title: Re: Defcon blackhats look at Home Automation targets
Post by: Henk on August 08, 2011, 02:37:04 pm
@hightop32

Since mainly X10 is mentioned
Quote
The tools, which they’re releasing to the public, include the X10 Sniffer to determine what’s connected to the power network and monitor what the devices are doing, and the X10 Blackout, which can jam signals to interfere with the operation of lights, alarms, security cameras and other devices.

And the mentioning of ethernet over existing power lines in buildings, this seems to be a hack on earlier X10 based home automation.

Since Z-wave radiowave technology has been introduced things are a bit different. Especially with the communication from and to locks that is encrypted.

Hope that answers your question a bit.

Henk

--edit--
Quote
Kennedy, aka Rel1k, and Rob Simon, aka Kc57, spent two months researching and designing their open-source tools to conduct the hacks. The tools focus on home-automation systems that are based on the X10 protocol, which doesn’t support encryption. They also looked at the ZWave protocol, which does support AES encryption, but the one device they found that was using it, implemented the encryption incorrectly – the key exchange was done in the clear so an attacker could intercept the keys and decrypt all of the communication.

Does mention zwave technology but not the device in question.
Maybe someone else can elaborate on that!

http://www.wired.com/threatlevel/2011/08/hacking-home-automation

i noticed the small mention about z-wave... does anyone know more about this.. could it be the schlage lock they are talking about?  
Title: Re: Defcon blackhats look at Home Automation targets
Post by: hightop32 on August 08, 2011, 07:10:54 pm
understood.  that is why i asked.  i can only assume its the schlage since it uses AES encryption.  they mention the communication being encrypted, but the initial pairing shares the key that could be used to decipher the messages sent between the vera and the locks.  god forbid these guys ever get a hold of a vera, the thing would be blown wide open!  we know how fragile and insecure it is on the local lan.  much easier to attack the controller than the module communications!
Title: Re: Defcon blackhats look at Home Automation targets
Post by: shady on August 09, 2011, 08:34:54 pm
I saw the link posted here:

http://hackaday.com/2011/08/08/home-automation-systems-easily-hacked-via-the-power-grid/

I find it funny as some of the commenters do that they are worked on proving X10 was insecure, well it was developed before security was an issue and it doesn't have any AFAIK.  Stupid waste of time as we all know it is possible for you to turn on your neighbors X10 lights if the conditions are right, and this is easily fixed with a filter in the panel (exterior electrical outlets may be an issue, though).

The Z-Wave information is the interesting part and they don't tell you anything, or at least Wired doesn't.  Is this device passing the key in the clear during inclusion (who cares then) or during every communication?  I am still not worried about this kind of thing because I am a firm believer that any thief will take the path of least resistance (break or jimmy window or sliding door... easy) and not the most technologically advanced path (let me wait for my laptop to boot, darn USB cable always in the way, damn I lost my signal... difficult).
Title: Z-Wave Hackers!
Post by: DA INFERNO on August 10, 2011, 11:26:59 pm
http://www.cepro.com/article/home_automation_systems_easily_hacked_via_power_lines/ (http://www.cepro.com/article/home_automation_systems_easily_hacked_via_power_lines/)

This does not look good! :o
Title: Re: Z-Wave Hackers!
Post by: hightop32 on August 10, 2011, 11:51:35 pm
http://www.cepro.com/article/home_automation_systems_easily_hacked_via_power_lines/ (http://www.cepro.com/article/home_automation_systems_easily_hacked_via_power_lines/)

This does not look good! :o

No it really doesnt.  it looks like the 'author' of this 'article' Jason Knott, just basically copy and pasted everything from the wired article (less actually), including the image.  DAYS after the fact even.

edit: merged thread
Title: Re: Defcon blackhats look at Home Automation targets
Post by: guessed on August 10, 2011, 11:54:51 pm
@hightop32,
I merged the conversations together, since they were basically posting about the same 'event'...
Title: Re: Defcon blackhats look at Home Automation targets
Post by: hightop32 on August 10, 2011, 11:56:11 pm
The Z-Wave information is the interesting part and they don't tell you anything, or at least Wired doesn't.  Is this device passing the key in the clear during inclusion (who cares then) or during every communication?  I am still not worried about this kind of thing because I am a firm believer that any thief will take the path of least resistance (break or jimmy window or sliding door... easy) and not the most technologically advanced path (let me wait for my laptop to boot, darn USB cable always in the way, damn I lost my signal... difficult).

I hope its only during pairing!  Thats the only thing that makes any sense.  The real issue here isnt whether they could throw a rock into your window, but imagine owning/having access to a 'botnet' of homes at your control remotely.  a scripted/automated attack scanning for the already known limitations and bugs/workarounds in vera (again particularly its weak security on the local lan) could lead to some serious problems.  I mean we've already learned there are people/machines targeting the vera central servers.  some [profanity redacted] out there just want to cause disruption, not necessarily physically steal your stuff.
Title: Re: Defcon blackhats look at Home Automation targets
Post by: hightop32 on August 10, 2011, 11:59:00 pm
@hightop32,
I merged the conversations together, since they were basically posting about the same 'event'...

word.  that jason knott guy still sucks though.   ;)
Title: Re: Defcon blackhats look at Home Automation targets
Post by: hightop32 on August 13, 2011, 12:56:33 pm
soooo how vulnerable are these zwave devices to having commands sent to them from a 'spoofed' vera?  i understand the inclusion process, but could someone with the proper equipment fool a device into thinking the command came from its primary controller?  what stops this?
Title: Re: Defcon blackhats look at Home Automation targets
Post by: JOD on August 13, 2011, 01:21:02 pm
Quote
soooo how vulnerable are these zwave devices to having commands sent to them from a 'spoofed' vera?
Depends on what you mean by vulnerable.
By happenstance?
As an example, what are the chances that someone has the same front door key as you? Probability ~1 in 1,000,000
Chances of someone having the same Z-Wave home ID as you? 1 in 2,821,109,907,456

Quote
could someone with the proper equipment fool a device into thinking the command came from its primary controller?
Yes.

JOD.

Title: Re: Defcon blackhats look at Home Automation targets
Post by: suretyDIYchick on March 17, 2014, 11:48:31 am
It's definitely not the Yale lock. And I don't think its as large as a problem as its been made out to be. This article from Ryan Boder discusses why the blow up has been an over reaction - http://suretycam.com/can-hackers-unlock-my-z-wave-door-lock/

Hope that makes z-wave lock owners feel better. I know I feel very secure with my integrated z-wave lock.
Title: Re: Defcon blackhats look at Home Automation targets
Post by: AgileHumor on March 17, 2014, 12:39:07 pm
It's definitely not the Yale lock. And I don't think its as large as a problem as its been made out to be. This article from Ryan Boder discusses why the blow up has been an over reaction - http://suretycam.com/can-hackers-unlock-my-z-wave-door-lock/

Thanks for sharing, this makes me feel better after hearing the hype on this a few months ago.
Title: Re: Defcon blackhats look at Home Automation targets
Post by: aaronsquire on March 17, 2014, 01:03:31 pm
Locks only keep an honest person out anyways. If someone wants in they can get in, don't think they will go through the trouble of hacking into my vera to unlock my door. Would be annoying for some hacker to start messing with my stuff but one can also isolate themselves from the outside world by unplugging the ethernet cord.