Black Hat 2013 – Honey, I’m Home!! – Hacking Z-Wave Home Automation Systems

Behrang Fouladi & Sahand Ghanoun

8 Replies to “Black Hat 2013 – Honey, I’m Home!! – Hacking Z-Wave Home Automation Systems”

  1. Tom William

    I have an abundance of Z-Wave products locks lights motor control and I have not been able to hack into my own system with someone else's phone just by saying get status of garage door type lock, or turn on outside lites? lights. either way and fix the problem or this just doesn't work what a waste of a video watch two minutes and ended it

  2. Geert Kok

    Thank you for your research… I find it very clear that the protocols used by z-wave devices should clear out these kind of vulnerabilities. Thanks for the clear explanation on the internet of things… Could you give some suggestions on making the protocol issues dissappear?

  3. TheComputerPerson

    With the 'Warning' message you put at the beginning of the video is false. You can do that with Apple's HomeKit now which means Siri can control that now. Infact when I have been looking at smart home accessories it has been demonstrated with Siri and not android.

  4. George Novak

    Excellent video describing the nuts, bolts and vulnerability of these systems. I can now understand how the loose standards of Zwave can lead to the non-encrypted exchange of system keys. I know the controllers talk to each other, but I thought it was supposed to be a secure communication. You really opened my eyes, and saved me a lot of time with the in-depth packet analysis. From now on, I need to validate what goes through the air before trusting Zwave as a security controller. 

  5. T vb

    hm i dont get it ….what are trying to prove ???  only idiots don't know that electronics can be hacked…. what's new about this…. this guy is smiling like he came up with something new….LOL a room full of idiots….. anything can be stolen and everything can be hacked simple…. ONLY IT IS ILLEGAL   just like raping a girl is easy, killing random is easy…its also illegal…. ILLEGAL  end of story…

  6. Scott Williams

    If someone has already disabled the alarm system, a rock/brick through a window is much easier way to get in than hack into the z-wave protocol. No lock is going to stop someone who really wants to get in. This is over hyping. A good alarm system is hard to completely disable. The benifit of the zwave is if you forget to lock your door, you can do so immediately when you remember and not have to wait to drive back to your home. Or maybe you can't remember if you locked the door, you can check that without going back. Leaving your door unlocked is a much higher security risk than having a z wave lock.

  7. melongstrike

    Good stuff.
    I was looking to purchase the Z wave products for home automation so initially was very upset and disappointed that this information could be posted here so recklessly.

    However, I stuck around to watch the entire presentation and your intentions of this exploitation was far from malicious. 

    I hope the future Z wave products implement better security protocols to alleviate these issue and potential future exploits. 

    Thanks for sharing and educating. 


Leave a Reply

Your email address will not be published. Required fields are marked *