A Universal Controller to Take Over a Z-Wave Network

Loïc Rouch 1 Jérôme François 1 Frédéric Beck 2 Abdelkader Lahmadi 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : Home automation systems adoption rapidly increases with the growth of Internet of Things (IoT). IoT devices are often equipped with wireless communication capabilities including WiFi, Z-Wave, or Zigbee to be remotely controlled and fit any home. They become thus natural targets for potential cyber-attacks, with the intent to take control over them and to eventually expose end-users to privacy , security and safety risks. However, realizing such attacks usually requires expert knowledge and costly hardware including Software-Defined Radio platforms for packets sniffing, spoofing, and injection. In this paper, we demonstrate that off-the-shelf hardware is sufficient to take over any Z-Wave network without knowing its topology or compromising any original devices and remaining unnoticeable for the primary controller. Our attack consists in building an adversary Z-Wave universal controller by reprogramming a mainstream USB stick controller. The technique exploits two features provided by the USB stick which allow (1) to set the network identi-fier (HomeID) and (2) learn many devices identifiers even if they are not physically available.
Type de document :
Communication dans un congrès
Black Hat Europe 2017, Dec 2017, London, United Kingdom. pp.1-9, 〈https://www.blackhat.com/eu-17/〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

Contributeur : Loïc Rouch <>
Soumis le : lundi 15 janvier 2018 - 15:49:55
Dernière modification le : vendredi 1 juin 2018 - 01:16:07
Document(s) archivé(s) le : dimanche 6 mai 2018 - 01:09:07


Fichiers produits par l'(les) auteur(s)


  • HAL Id : hal-01684569, version 1


Loïc Rouch, Jérôme François, Frédéric Beck, Abdelkader Lahmadi. A Universal Controller to Take Over a Z-Wave Network. Black Hat Europe 2017, Dec 2017, London, United Kingdom. pp.1-9, 〈https://www.blackhat.com/eu-17/〉. 〈hal-01684569〉



Consultations de la notice


Téléchargements de fichiers