Zigbee HA vs. Z Wave

As corrected above, it was the bulbs that can take the update over Zigbee, not the hub. Though, in some ways that could still be potentially dangerous. It's likely that a hub trusts the things it controls more than the outside world (because it's on the same (supposedly encrypted and safe) Zigbee network and the user said he wanted to let it in). So, it could in theory provide a potential pathway to the hub. Though it's a lot less immediately likely to be dangerous than if the hub itself could be updated over Zigbee.
 
You are telling me zigbee can transport an eprom image to update the bulbs? Wow.

I wonder if they can overdrive the LEDs and make them burn out or even more dynamically, explode!


Skynet is coming!
 
jkmonroe said:
Yeah; and this is why you should buy from established companies.  The exploit has already been patched by Philips.
 
But we all should know that most RF comms will be vulnerable to some form of attack (BT, ZWave, Zigbee, well - just about any RF in general).
WiFi WPA2 security is pretty good, and a brute force (password guessing) approach is arguably the only practical/impractical way to break into an access point. That assumes of course that the password is reasonably hard to guess and its membership in a guessing dictionary is unlikely.
 
But, in general, RF security leaves much to be desired. E.g., the popular GE/Interlogix 319.5 MHz security sensors use plaintext messages which are easy to intercept and fake. Not sure about their keyfobs since I do not own one.
 
LarrylLix said:
You are telling me zigbee can transport an eprom image to update the bulbs? Wow.

I wonder if they can overdrive the LEDs and make them burn out or even more dynamically, explode!


Skynet is coming!
Zigbee can be updated over-the-air. I do it all the time. In fact when you have 100's or 1000's of nodes that need updating, it's not just a nice option. But of course there is also strong security in place to make sure the update only comes from the proper authorized source, the master Zigbee controller.
 
So how do you update Z-Wave devices?  Hmmm you can't.
 
vc1234 said:
WiFi WPA2 security is pretty good, and a brute force (password guessing) approach is arguably the only practical/impractical way to break into an access point. That assumes of course that the password is reasonably hard to guess and its membership in a guessing dictionary is unlikely.
 
But, in general, RF security leaves much to be desired. E.g., the popular GE/Interlogix 319.5 MHz security sensors use plaintext messages which are easy to intercept and fake. Not sure about their keyfobs since I do not own one.
If WPS (WiFi protected setup) is turned on, most say your network can be cracked in about 2 minutes. By the way, this is very similar to the hacking of Zigbee, it occurs because of a setup procedure weakness that lets you easily pair a device to set it up. On WiFi you sometimes can turn WPS off. It's more difficult to enter a strong 16 digit password into a lightbulb, without easy pairing, so it's not a weakness easily fixed.
 
ano said:
If WPS (WiFi protected setup) is turned on, most say your network can be cracked in about 2 minutes. By the way, this is very similar to the hacking of Zigbee, it occurs because of a setup procedure weakness that lets you easily pair a device to set it up. On WiFi you sometimes can turn WPS off. It's more difficult to enter a strong 16 digit password into a lightbulb, without easy pairing, so it's not a weakness easily fixed.
WPS vulnerabilities have been known for at least 5 years. Just don't use it.
 
ano said:
So how do you update Z-Wave devices?  Hmmm you can't.
 
Zwave Gen5 now has OTA functionality. You can update firmware using certain controller brands. Also, in Gen5, they implemented a secure protocol option for devices other than locks. All that does not change the fact that the protocol remains an awful pile of misguided hacks. Zigbee has plenty of its own pretty serious issues, profile balkanization being the main one.
 
ano said:
Zigbee can be updated over-the-air. I do it all the time. In fact when you have 100's or 1000's of nodes that need updating, it's not just a nice option. But of course there is also strong security in place to make sure the update only comes from the proper authorized source, the master Zigbee controller.
 
So how do you update Z-Wave devices?  Hmmm you can't.
But isn't that analogous to spoofing an IP address?
If somebody is that determined to hack a lightbulb via ZigBee I would think they could spoof the source too.
 
LarrylLix said:
... I would think they could spoof the source too,
 
 
That's analogous to what they're doing, but Zigbee has nothing to do with your data network.
 
It's like if I brought my Hue hub to your place, and 'stole' your lights over to my bridge.  It has nothing to do with your network.
 
ano said:
So how do you update Z-Wave devices?  Hmmm you can't.
True for older chips but OTA updates were added to the Z-Wave protocol with the release of the 500 series chips and Z-Wave Plus. This is pretty common now. We've released firmware updates for our HSM200 multi-sensor and our HS-WD100+ and HW-WS100+ wall switches.
 
BobS0327 said:
Just a FYI..
 
Listed below are two links. The first link is to the story on the zigbee hack via drone and the second link is a white paper providing all the details of implementing the hack.
 
 
http://www.theverge.com/2016/11/3/13507126/iot-drone-hack
 
 
http://iotworm.eyalro.net/iotworm.pdf
The technical link is interesting, although I am not sure why they call the attack a "worm". Chapter 5 describes a simple takeover from a single location, device by device, and a subsequent OTA firmware replacement, not a virus-like malicious firmware spread from a compromised device. Also, their claim about the 70m zigbee range is exaggerated. In my experience, it's closer to the usual 10m (30') which is not surprising for this kind of frequency band. So, their using a drone, while interesting, was merely to overcome signal propagation limitation and get closer to the target.
 
jkmonroe said:
 
 
That's analogous to what they're doing, but Zigbee has nothing to do with your data network.
 
It's like if I brought my Hue hub to your place, and 'stole' your lights over to my bridge.  It has nothing to do with your network.
People are saying you can update the firmware image over ZigBee, if I am reading that correctly.

If you can't pass firmware data to it then there is no real security issue. The alarming security issue is somebody running their own code inside your house in a Philips device. Now they have a key to your house data insides.


I don't want another Philips Hub/bridge. I hope they don't leave it here. I have too many hubs and gadgets now. :)
 
Interesting discussion. I have used both zigbee and zwave devices, but my main house is hard-wired. I have zigbee jetstream switches installed in a condo, they have worked very well over 4 years now. While it is based on proprietary zigbee protocol, the configuration and updates are extremely easy compared to zwave. You switch the software into discovery mode, it finds all configured devices, then you can add/delete devices with a click and configure buttons to perform many functions, including sending ASCII strings (I use this to control somfy shades for example). Much different story with Leviton USB controller. Buggy software, devices get dropped, network needs to be reset and each device added manually etc., etc. The Leviton switch quality is ok, but any other brand of zwave I have tried lasted less than 2 years. So after the 3rd failure of my 3 remaining zwave switches I replaced them with Jetstream. I have not tried new Homeseer 500 series devices, but even if they are great, there are only a handful that support the new protocol, plus you need software running to interface with them. Maybe it will change in the future, but for now I'd vote zigbee as a preferred wireless HA tech for people who cannot have the hard wired option.
 