I didn't see this in a search, so...
I know this is a little dated, but someone presented a bit on Hacking home automation systems at DefCon 2011. Most of the articles refer to how vulnerable X10 is (which is a joke to anyone that's ever used it... of COURSE it's vulnerable, ask anyone who's had to block transmissions from neighbors.) The PDF of the powerpoint deck is here. Two things specifically made me laugh: the jammer/sniffer device presented - my first thought was "is it a vacuum? PC power supply? TV?", and commenting that X10 was an immature technology that no manufacture has bothered to encrypt.
What is interesting is being able to spoof a Z-wave controller by sniffing traffic to pick up the AES key in cleartext when a secure device is added to the network. I guess if you're persistent enough, you can capture that... but how often to people add secure devices to a network? (Which doesn't negate the problem of not implementing encryption correctly.) Being able to just jam the network with noise on the frequency seems like more of a significant issue, but that's hardly news for a RF network... Orville Redenbacher performs a denial of service on my kitchen WAP every time we sit down for a movie.
I know this is a little dated, but someone presented a bit on Hacking home automation systems at DefCon 2011. Most of the articles refer to how vulnerable X10 is (which is a joke to anyone that's ever used it... of COURSE it's vulnerable, ask anyone who's had to block transmissions from neighbors.) The PDF of the powerpoint deck is here. Two things specifically made me laugh: the jammer/sniffer device presented - my first thought was "is it a vacuum? PC power supply? TV?", and commenting that X10 was an immature technology that no manufacture has bothered to encrypt.
What is interesting is being able to spoof a Z-wave controller by sniffing traffic to pick up the AES key in cleartext when a secure device is added to the network. I guess if you're persistent enough, you can capture that... but how often to people add secure devices to a network? (Which doesn't negate the problem of not implementing encryption correctly.) Being able to just jam the network with noise on the frequency seems like more of a significant issue, but that's hardly news for a RF network... Orville Redenbacher performs a denial of service on my kitchen WAP every time we sit down for a movie.
