Rogue Z-Wave Controllers: A Persistent Attack Channel
The popularity of Wireless Sensor Networks (WSN) is increasing in critical infrastructure, smart metering, and home automation. Of the numerous protocols available, Z-Wave has significant potential for growth in WSNs. As a proprietary protocol, there are few research publications concerning Z-Wave, and thus little is known about the security implications of its use. Z-Wave networks use a gateway controller to manage and control all devices. Vulnerabilities have been discovered in Z-Wave gateways, all of which rely on the gateway to be consistently connected to the Internet. The work herein introduces a new vulnerability that allows the injection of a rogue controller into the network. Once injected, the rogue controller maintains a stealthy, persistent communication channel with all inadequately defended devices. The severity of this type of attack warrants mitigation steps, presented herein. Abstract © IEEE.
2015 IEEE 40th Conference on Local Computer Networks (LCN)
Fuller, J. D., & Ramsey, B. W. (2015). Rogue Z-Wave controllers: A persistent attack channel. In Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th (pp. 734–741). Clearwater Beach, FL, USA: IEEE. https://doi.org/10.1109/LCNW.2015.7365922