Side-channel information leaks of Z-wave smart home IoT devices: Demo abstract

Abstract

Z-Wave is one of the key access protocols of the Internet of Things (IoT). It is highly popular in home automation and security system applications due to its minimum power consumption, reliability, and cost effectiveness. With an estimate of over 100 million deployed Z-Wave devices around the globe, it is essential to understand their security landscape. For instance, Z-Wave devices can leak personal information about the home dwellers as well as their possessions and buglers can use compromised Z-Wave devices to disable security systems or even to feed incorrect information. In this paper, we present an experiment setup and early results of side-channel information leaks of Z-Wave. We show that Z-Wave traffic despite being encrypted, leaks information through side-channels and an attacker who can passively capture Z-Wave frames by simply being in the vicinity of a house can identify Z-Wave devices inside the house.