A Universal Controller to Take Over a Z-Wave Network - Archive ouverte HAL Access content directly
Conference Papers Year :

A Universal Controller to Take Over a Z-Wave Network

(1) , (1) , (2) , (1)
Loïc Rouch
  • Function : Author
  • PersonId : 17085
  • IdHAL : loic-rouch
Frédéric Beck


Home automation systems adoption rapidly increases with the growth of Internet of Things (IoT). IoT devices are often equipped with wireless communication capabilities including WiFi, Z-Wave, or Zigbee to be remotely controlled and fit any home. They become thus natural targets for potential cyber-attacks, with the intent to take control over them and to eventually expose end-users to privacy , security and safety risks. However, realizing such attacks usually requires expert knowledge and costly hardware including Software-Defined Radio platforms for packets sniffing, spoofing, and injection. In this paper, we demonstrate that off-the-shelf hardware is sufficient to take over any Z-Wave network without knowing its topology or compromising any original devices and remaining unnoticeable for the primary controller. Our attack consists in building an adversary Z-Wave universal controller by reprogramming a mainstream USB stick controller. The technique exploits two features provided by the USB stick which allow (1) to set the network identi-fier (HomeID) and (2) learn many devices identifiers even if they are not physically available.
Fichier principal
Vignette du fichier
paper.pdf (292.78 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-01684569 , version 1 (15-01-2018)


  • HAL Id : hal-01684569 , version 1


Loïc Rouch, Jérôme François, Frédéric Beck, Abdelkader Lahmadi. A Universal Controller to Take Over a Z-Wave Network. Black Hat Europe 2017, Dec 2017, London, United Kingdom. pp.1-9. ⟨hal-01684569⟩
552 View
1251 Download


Gmail Facebook Twitter LinkedIn More