Z-Wave connection tip: un-enroll devices

@intelligen @urman you may have to physically interact with a device to exclude it from the ZWAVE network. However, for some of the GE switches and outlets I have installed, “interact” can be defined as powering them off and then on. This being said, if a hacker was broadcasting a constant exclude and then an include, if you were to unknowingly turn on or off one of these devices and then power it back on, it could definitely and easily be compromised.

This starts to fall into that whole “is it practical” area…

First, what’s “gained” by compromising my lights/outlets? Granted, it’d be a severe headache for me if some idiot kept taking control of my devices and I had to constantly un-enroll them and re-enroll them in my network. If this happened all the time I’d just give up and not even try to use Z-wave anymore. But he can’t get in my house using lights or outlets or motion sensors.

What about door locks? Ah, there “physically interacting” with the device is more than simply using it. I have to hit a specific button on my lock to tell it to unpair or pair. It’s a button that is hidden behind a screwed in panel, so it isn’t going to be accidentally hit. So the hacker has to already be in my house to trigger my lock to unpair then to pair with his network.

@urman Thanks for the clarification; I figured I must be missing something.

@jeremywhittaker @chrisb That’s an interesting exploit…it might not seem like a critical weakness, but it would be a starting point for someone who really wants to create a problem for you. Hypothetical scenarios:

  • Some jerk turns on your lights and appliances at night to sneakily run up your electric bill while you’re cozily asleep.

  • You and your family keep the curling iron, soldering iron, etc., plugged into Z-wave outlets for safety or convenience (“power off when away”), but someone hijacks the outlets and maliciously or inadvertently burns your house down.

  • Perhaps you’re a hardware hacker and rigged up your own custom garage door control using one of the Z-wave power outlets–a savvy crook just needs to hijack that to gain access to everything in your garage (and also your house, if you don’t lock the door from your garage to the house).

  • Your video surveillance system is on a Z-wave switch so you can turn it off when you’re at home–someone cracks your WiFi password and turns on the cameras when you’re home to case the inside of your home, or maybe they record videos of you and your family over your IP cameras. Then they turn off the cameras when you’re gone, break in, and know exactly where to look for everything.

  • As far as door locks? A crack team of foreign spies breaks into your vacation home while you’re away and pairs your door lock with their controller. (And they cleverly defeat your sensors…or maybe the batteries just happened to die.) The next time your sister visits you at your vacation home, they let themselves in and swipe her presence tag, go to her home (which now conveniently opens the front door for them), and interrogate her boyfriend’s cat until he divulges your sister’s boyfriend’s true identity. (Okay, the cat is chipped and they just use a reader to extract that information.) What they do with this information, I don’t even want to guess–but it can’t be good if they wanted it that badly and they couldn’t think of any less complicated scheme to get it.

I admit, these scenarios don’t seem very likely at the moment, but as home automation systems become more ubiquitous, the risk of creative applications of such exploits will only increase. And people living in apartments will be even more vulnerable.

@intelligen,

That’s an interesting exploit…it might not seem like a critical weakness, but it would be a starting point for someone who really wants to create a problem for you. Hypothetical scenarios:

These are all theoretically possible and potentially scary, but practically I think they are highly unlikely.

First for things like lights/appliances – Running up the electric bill. This would be more of an inconvenience than a real problem. Granted, it may take you a day or even three before you notice that your apps aren’t actually working but you’d figure out pretty quick that things aren’t working the way they are supposed to. Even if you don’t notice from them not working as you’d expect, lights turning on and especially appliances that make noise are bound to wake some people up or be noticed when someone wakes up to use the bathroom.

Stealing control of my garage outlet – Very hard to do without being in my garage. I have this exact setup, but I never touch the outlet. The only way I open/close my garage is via a z-wave command to the outlet or pushing the hardwired door opener button in my garage, which doesn’t cause the outlet to come into play. No physical interaction… no un-enrolling from my network.

Cameras… yeah, this could be a problem, but we’re talking about very skilled individuals here then… if people are cracking IP cameras that have proper security setup then we’re talking about pretty high tech people here.

- As far as door locks? A crack team of foreign spies breaks into your vacation home while you’re away and pairs your door lock with their controller. (And they cleverly defeat your sensors…or maybe the batteries just happened to die.) The next time your sister visits you at your vacation home, they let themselves in and swipe her presence tag, go to her home (which now conveniently opens the front door for them), and interrogate her boyfriend’s cat until he divulges your sister’s boyfriend’s true identity. (Okay, the cat is chipped and they just use a reader to extract that information.) What they do with this information, I don’t even want to guess–but it can’t be good if they wanted it that badly and they couldn’t think of any less complicated scheme to get it.

Now this could be a real problem… I’d suggest cutting out the cat’s tongue to ensure he doesn’t ever give up the secret info. But even in your humor here you highlight an important thing. Yes z-wave will undoubtedly have vulnerabilities. And as users of this tech we have to be smart about where those vulnerabilities might exist. But at the same time there are usually much easier methods to achieve the desired results that don’t involve Z-wave.

I want to cost you money? I wait until 12:00 at night, sneak into your yard and turn on your garden hose. Now you have to pay for water running for 6+ hours, plus your entire yard is flooded and quite possibly there is water damage in your basement too. Only tech I need is a $2 wrist watch and a $1 flashlight.

If I want to break into your house I’ll stake it out and wait for you to leave then break a back window or kick in a back door. That’s a lot easier than waiting outside your house with a portable setup to un-enroll your garage door outlet and then hope you don’t notice that it isn’t closing behind you so I can sneak into the open door after you turn the corner.

And if I’m desperate to get the info from the cat, some tuna, a ball of yarn and some scratches behind the ears work just as well.

@intelligen just to clarify, the Schlage and Kwikset locks, amongst other ZWAVE devices, require you to push an include/exclude button in order to join or disjoin a ZWAVE hub. Therefore they are not as insecure as the devices that automatically include/exclude when they are used in common day scenarios. For instance the GE/JASCO switches and outlets automatically try to include/exclude themselves every time they are powered on or off. Unfortunately it appears a lot of ZWAVE devices have been manufactured with this “flaw”. Imagine if a hacker hooked up a ZWAVE exclude radio signal and broadcasted it using a very powerful omni antenna? This could wreak havoc on any of these systems. But then again I suppose even if the devices securely included/excluded someone could still very easily jam the frequencies. I suppose this goes back to the old adage, it is only designed to keep the honest people honest.

I guess I come back to… why? I suppose if someone had the time and the parts laying around and just wanted to mess with random people who might be in his broadcast area he might do it, but why? I mean if you’re messing with people for the fun of it, you usually want to see the results, do you not?

@chrisb yea the why is always a fair question. But it should be anticipated in the design of a product. Especially when it comes to something that is controlling so many devices throughout your house. I have a GE/Jasco power outlet that provides AC>DC power to my gate which when powered unlocks my front gate. To me this is a security risk. That is the why piece of it. I’m not really concerned but I would never try to do this at my place of business if it was the only device controlling physical premise access.

I’m having the same problem but unfortunately the controller I previously had was IRIS, which is now obsolete, so I can’t remove them from the previous controller. Any suggestions? Don’t want to replace all my smart switches.

Any suggestions?

You are replying to a thread which is five years old, and a lot has changed in that time. :wink:

In particular, the SmartThings Z wave implementation now meets the basic requirements for a Z wave plus hub, so this whole process is now much simpler.

(In the future, you might want to check the date on threads and then if it’s more than a year or two old, look to see if there’s more current information in the forum. Things change pretty quickly with these technologies.)

OK, the zwave specification assumes that there might be times when you need to reset a device and you no longer have the original controller available. Maybe the hub died. Maybe you bought the device used. Maybe the device was paired to a testing bed at the factory and even though it’s a brand new device, it still needs to be reset.

No problem. :sunglasses: Under the specification, any Certified Z wave controller can issue what is called a “general exclusion” and then any Z wave devices in the area can accept that exclusion command and do a factory reset. Even if it has never been paired to that particular controller before. You just have to know what the required reset process is for that individual device.

So you will issue the “general exclusion” from your smartthings hub, and then perform whatever exclusion process is required for that specific model of the end device. That will reset the network information that is stored in the individual device and then it will be ready to add it to your smartthings hub. :tada:

Here are the instructions for doing it with the classic app. To be honest, I’m not sure how you do it from the new app, but someone should be along soon who can tell you.