(Last Updated: April 25, 2020)

zwave security



  • Sharing a good article on security:

    This helps understand the the sequence of event and the current vera issues with secure inclusions which is caused by lag between the luaUPnP engine and the zwave chip/zwaveserial API due to the desire for the vera to reload during the inclusion process and gets constantly interrupted by wakeup poll processes on large networks... right when it is supposed to be exchanging the security key. A major flaw in the luup engine preventing scaling of the network.

    It also shows the importance of S2 security and how much more traffic the secure class frames add. The hack itself is very unlikely and one would have to be quite foolish to not find out that the device you thought was just included was intercepted and you added another one instead since, you should be testing your device right after inclusion and therefore you should find out if this would have happen. As of writing only HomeSeer and Z-way support S2 security.

    At the bottom of the article you will find 2 European controllers which are relabelled vera plus. I am very much suspecting that they are running the z-way library which, for some reason has a compiled mips version.


Log in to reply