Homey S2 Security Support?

thomas_witt · May 2018

A serious Z Wave Security Flaw was unveiled today:

https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/#disclosure

Question #1: As I see it, Homey doesn‘t support S2 security yet. When is this planed?
Question #2: Will there be a warning when somebody tries to exploit that bug and downgrade to S0 while connecting?

konradwalsh · June 2018

Would like to know this too

DaneeDeKruyff · June 2018

It was raised on slack too but no response from Athom.

Imo Homey should show a warning of some kind when the inclusion is started secure but the device ends up added unsecure.

thomas_witt · August 2018

It's a bit weird that the official team doesn't comment on this serious security question. @Bram?

Oy1974 · August 2018

thomas_witt said:

It's a bit weird that the official team doesn't comment on this serious security question. @Bram?

Wel if you would have read the welcom post here on the forum, and in specific point 8 and 9,
https://forum.athom.com/discussion/3728/welcome-to-the-forum#latest

Then you would have known that they dont read the forum. So by mention @bram in your last post is the way to do it.

Bram · August 2018

I'm not sure about this, need to ask the devs if they have taken this into account

thomas_witt · August 2018

Bram said:

I'm not sure about this, need to ask the devs if they have taken this into account

That'd be nice if you could ask. Thanks for your effort!

MichaelHarris259 · August 2018

There is no solution so far, the official team need to take some action.

Homey S2 Security Support?

Comments