1. Honey, IHoney, IHoney, IHoney, IHoney, IHoney, IHoney,
IHoney, Im Home!!m Home!!m Home!!m Home!!m Home!!m Home!!m Home!!m
Home!! Hacking ZHacking Z--Wave Home Automation SystemsWave Home
Automation Systems Behrang Fouladi,SensePost UK Sahand Ghanoun
2. HomeHome AutomationAutomation
3. Central Control Entry Control Smart Appliances Home
Entertainment System Lighting Home Security CCTV Sensors HVAC
4. FamilyGuyfromFoxBroadcastingCompany
5. Convenience Accessibility Security EnergyManagement
RemoteMonitoring&Control
6. Z-Wavedevicestobeshippedin2013 5 million
7. How Does It Work?How Does It Work?
8. Wireless AES-128 WPA/WPA2 E0
9. Power Line Dual Band Proprietary AES-128
10. DoorLock Door/WindowSensor MotionSensor Siren
11. ExploitationFramework Joshua Wright. 2009. Zigbee
Wardriving Kit Travis GoodSpeed. 2012. PenTestingOverPowerLines
Dave Kennedy, Rob Simon. 2011.
12. Why ZWhy Z--Wave?Wave?
13. According to Z-Wave Alliance
80%ofUShomesecuritymarketisZ-Wave 2012 NAHB survey shows Wireless
home security tops homeowners wishlist Proprietary protocol
Nopublicresearchsofar...
14. ZZ--WaveWave ProtocolProtocol
15. Physical Transport Network Application Security
ErrorDetection&Retransmission Acknowledgment 32-bitHomeID
8-bitsNodeID MeshNetwork TopologyDiscovery AutomaticHealing
Encryption,Anti-replayandMAC Devicespecificcommands¶meters
Physical 868.42(EU)/908.42(US)MHz 9.6/40/100KbpsPhysical ZZ--Wave
Protocol StackWave Protocol Stack
16. RF ConfigurationsRF Configurations FSK Modulation 9.6/40
kbps 868.42/40 MHz (EU) 20KHz Manchester/NRZ
17. TexasInstrumentsCC1110TexasInstrumentsCC1110
SubSub--1GHzRF1GHzRFtranscievertransciever SoCSoC
SupportsZSupportsZ--WaveconfigurationsWaveconfigurations
CommunicationviaserialCommunicationviaserial SmartRFSmartRF
StudioToolStudioTool
18. ITU-TRec.G.9959 Weidentifiedinconsistencies with
theactualimplementation!
19. ZZ--Wave Frame FormatWave Frame Format PHYFrame Singlecast
MACFrame Application Frame
20. ZZ--ForceForce
21. Packet needed to do network discovery
22. I Like toI Like to Move It!!Move It!!
23. Live DemoLive Demo
24. ZZ--WaveWave SecuritySecurity
25. Encryption: AES-OFB MessageFreshness: 64-bitNonce
DataAuthentication: AES-CBCMAC 128-bitRandomNetworkKey:Kn Custom
KeyEstablishmentProtocol 128-bitCipher&MAC
Keys:DerivedFromKn
26. Custom KeyEstablishmentProtocol
27. Getreadyforkeyestablishment Ready Noncerequest Noncevalue
Encryptednetworkkey Kn Noncerequest Noncevalue
Encryptedmessage(newkeyisset) Encrypt& MACbyK0 Encrypt&
MACbyKn
28. Getreadyforkeyestablishment Ready Noncerequest Noncevalue
Encryptednetworkkey Kn Noncerequest Noncevalue
Encryptedmessage(newkeyisset) Encrypt& MACbyK0 Encrypt&
MACbyKn
29. Protocol VulnerabilitiesProtocol Vulnerabilities
30. Passiveattack:Passiveattack:
InterceptanddecrypttheInterceptanddecryptthesetkeysetkey
messagemessage Happens at system installation time inHappens at
system installation time in low power transmissionlow power
transmission modemode
31. Passiveattack:Passiveattack:
InterceptanddecrypttheInterceptanddecryptthesetkeysetkey
messagemessage Happens at system installation time inHappens at
system installation time in low power transmissionlow power
transmission modemode
32. WithWithwhomwhom keyisbeingkeyisbeing
established?established?
33. WithsomeonewhoknowsWithsomeonewhoknows temporary key
valuetemporary key value andand key derivation functionskey
derivation functions
34. )( )( mKm cKc PasswdECBAESK PasswdECBAESK n n }0]{16[0
byteK
35. )|||||||| ,( ),( CLENDSTSRCSH IVCBCMACAESMAC PIVOFBAESC m c
K K
36. Unauthorized Key ResetUnauthorized Key Reset
Attack?Attack?
37. Honey,Honey, IIm Home!!m Home!!
38. Live DemoLive Demo
39. Imagefromboratmakeglorioustributeactto.com
40. Hmm... Now What?Hmm... Now What?
41. Criticalvulnerability needsanurgentfix! Short-termfix(OTA)
Check current key state before its set Actualfix(NextGen) Public
key cryptography and authentication
42. MoretechnicaldetailinourMoretechnicaldetailinour
WhitePaperWhitePaper
43. Thank You!Thank You! BehrangFouladiBehrangFouladi
BehrangFouladi SahandGhanounSahandGhanoun Sahand__
LOAD MORE
