Crushing the Wave - New Z-Wave vulnerabilities exposed
The current Z-Wave implementation lacks some major flaws regarding the protection against denial of service attacks targeting the gateway. Students of the University of Applied Sciences Emden / Leer, while under the supervision of the IT-Security specialists Patrick Felke and Frederik Gosewehr, discovered new attacks targeting the gateway within a Z-Wave Network. One of these attacks can lead to DOS of the complete Z-Wave network, disabling e.g. an alarm system, which was one of the testing candidates, for more than 20 minutes (waren das nicht eher 2 Minuten laut Public Disclosure?). Silicon Labs, the current owner of the Z-Wave standard, has already been informed and reacted in time informing all customers. The paper with full details of these attacks has been submitted to CCC-conference (C36C3), which takes place from 27th to 30th of December 2019 in Leipzig and will be published after that.