S0-No-More: A Z-Wave NonceGet Denial of Service Attack utilizing included but offline NodeIDs

05/02/2022
by   Du Cheng, et al.
0

In this paper a vulnerability in the Z-Wave protocol specification, especially in the S0 Z-Wave protocol is presented. Devices supporting this standard can be blocked (denial of service) through continuous S0 NonceGet requests. This way a whole network can be blocked if the attacked devices are Z-Wave network controller. This also effects S2 network controller as long as they support S0 NonceGet requests. As only a minimal amount of nonce requests (1 per  2 seconds) is required to conduct the attack it cannot be prevented by standard countermeasures against jamming.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset