Showing 1–2 of 2 results for author: Gosewehr, F

S0-No-More: A Z-Wave NonceGet Denial of Service Attack utilizing included but offline NodeIDs

Authors: Du Cheng, Patrick Felke, Frederik Gosewehr, Yixin Peng

Abstract: In this paper a vulnerability in the Z-Wave protocol specification, especially in the S0 Z-Wave protocol is presented. Devices supporting this standard can be blocked (denial of service) through continuous S0 NonceGet requests. This way a whole network can be blocked if the attacked devices are Z-Wave network controller. This also effects S2 network controller as long as they support S0 NonceGet r… ▽ More In this paper a vulnerability in the Z-Wave protocol specification, especially in the S0 Z-Wave protocol is presented. Devices supporting this standard can be blocked (denial of service) through continuous S0 NonceGet requests. This way a whole network can be blocked if the attacked devices are Z-Wave network controller. This also effects S2 network controller as long as they support S0 NonceGet requests. As only a minimal amount of nonce requests (1 per ~2 seconds) is required to conduct the attack it cannot be prevented by standard countermeasures against jamming. △ Less

Submitted 2 May, 2022; originally announced May 2022.

Crushing the Wave -- new Z-Wave vulnerabilities exposed

Authors: Noureddine Boucif, Frederik Golchert, Alexander Siemer, Patrick Felke, Frederik Gosewehr

Abstract: This paper describes two denial of service attacks against the Z-Wave protocol and their effects on smart home gateways. Both utilize modified unencrypted packets, which are used in the inclusion phase and during normal operation. These are the commands Nonce Get/S2 Nonce Get and Find Nodes In Range. This paper shows how both can be manipulated and used to block a Z-Wave gateway's communication pr… ▽ More This paper describes two denial of service attacks against the Z-Wave protocol and their effects on smart home gateways. Both utilize modified unencrypted packets, which are used in the inclusion phase and during normal operation. These are the commands Nonce Get/S2 Nonce Get and Find Nodes In Range. This paper shows how both can be manipulated and used to block a Z-Wave gateway's communication processing which in turn disables the whole Z-Wave network connected to it △ Less

Submitted 23 January, 2020; originally announced January 2020.