Network layer
Z-Wave uses mesh-based networking that enables any node to talk to nearby nodes
directly or through available relays. Nodes communicate directly if they are within range,
or they can link with another node that has access to the destination node to exchange
information. Every Z-Wave network can have up to 232 devices and 1 primary controller
device. This flexibility, along with the low-power approach, makes Z-Wave attractive for
devices used for home automation.
Application layer
This layer is responsible for parsing the packets and decoding the Z-Wave commands and
parameters. The Z-Wave SDK can be used to parse the incoming payload, including the
command class specified. Z-Wave command classes define specific functionality for devi-
ces such as alarm sensors, door locks, thermostats, and others. Each command class, in
turn, can contain multiple commands, such as to get the temperature of a thermostat or
to set the thermostat to a specific temperature.
In July 2013, security researchers Behrang Fouladi and Sahand Ghanoun released a
whitepaper that evaluated security implications surrounding the Z-Wave protocol affecting
door locks. The authors also released a free tool called Z-Force, which lets you analyze cap-
tured Z-Wave traffic and transmit specifically crafted packets. The only additional hardware
component required is the $75 CC1110 RF transceiver.
In their quest to analyze the Z-Wave protocol, Fouladi and Ghanoun studied a particular
door lock that used Z-Wave. Their research focused on the application layer of Z-Wave, where
they found that that the first time the lock was paired with a controller (such as the Mi Casa
Verde controller), the controller and the lock exchanged encryption keys. The keys were gener-
ated using a hardware-based pseudorandom number generator (PRNG) on the Z-Wave chip
and encrypted using a hardcoded temporary default key in the chip’s firmware (the value of
which was found to be four bytes of zero).
After successful key generation took place, Fouladi and Ghanoun found that two new
keys were created using the exchanged keys as input. First, a frame encryption key was created
to encrypt the data payloads in subsequent communications. Next, a data origin authentication
key was created to ensure that an external entity would not be able to replay the network
packet—this key uses a message authentication code (MAC) algorithm that makes it difficult
for a rogue entity to capture and replay the traffic. Fouladi and Ghanoun’s paper provides a
detailed cryptographic analysis.
Exploiting Key-Exchange Vulnerability
Fouladi and Ghanoun found that the Z-Wave implementation had a severe vulnerability per-
taining to initiating the original key-exchange protocol between a given lock and the control-
ler. They found that even after the lock was paired wih a controller, they could transmit a key-
exchange packet that caused the lock to accept a brand new shared key.
CHAPTER 2: ELECTRONIC LOCK PICKING—ABUSING DOOR LOCKS TO COMPROMISE(^44) PHYSICAL SECURITY