-
Migration from VeraPlus to Aeotec Gen5
Vera8 -
Neighbour node setting
Vera17 -
Vera Extroot
Vera3 -
Wonders will never cease...
Vera4 -
Altui - OS Command execution request (returned error)
Vera8 -
Multiple Veras in home assistant
Vera7 -
Memory hog
Vera4 -
manual network heal
Vera6 -
The death of a thousand cuts
Vera35 -
Old apps
Vera11 -
altui cant past in lua code test in mobile view
Vera2 -
Using the vera with external usb zwave or zigbee dongle
Vera4 -
vera - motion sensor stays tripped
Vera14 -
Who owns Luup?
Vera10 -
The Vera's Connection Guide
Vera1 -
zwave security
Vera1 -
zwaveserial
Vera1 -
Nuke Vera Script
Vera1
zwave security
-
Sharing a good article on security:
Z-Shave. Exploiting Z-Wave downgrade attacks
TL;DR: Stronger S2 Z-Wave pairing security process can be downgraded to weak S0, exposing smart devices to compromise. Z-Wave uses a shared network key to
This helps understand the the sequence of event and the current vera issues with secure inclusions which is caused by lag between the luaUPnP engine and the zwave chip/zwaveserial API due to the desire for the vera to reload during the inclusion process and gets constantly interrupted by wakeup poll processes on large networks... right when it is supposed to be exchanging the security key. A major flaw in the luup engine preventing scaling of the network.
It also shows the importance of S2 security and how much more traffic the secure class frames add. The hack itself is very unlikely and one would have to be quite foolish to not find out that the device you thought was just included was intercepted and you added another one instead since, you should be testing your device right after inclusion and therefore you should find out if this would have happen. As of writing only HomeSeer and Z-way support S2 security.
At the bottom of the article you will find 2 European controllers which are relabelled vera plus. I am very much suspecting that they are running the z-way library which, for some reason has a compiled mips version.
