Welcome to the Athom Community Forum! This is a place to share ideas, ask for help and discuss about Homey in general.

Please read Welcome to the forum to get started.

Homey S2 Security Support?

A serious Z Wave Security Flaw was unveiled today: 

https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/#disclosure

Question #1: As I see it, Homey doesn‘t support S2 security yet. When is this planed?
Question #2: Will there be a warning when somebody tries to exploit that bug and downgrade to S0 while connecting?

Comments

  • Would like to know this too
  • DaneeDeKruyffDaneeDeKruyff Backer - Super Early Bird
    It was raised on slack too but no response from Athom.

    Imo Homey should show a warning of some kind when the inclusion is started secure but the device ends up added unsecure.
  • It's a bit weird that the official team doesn't comment on this serious security question. @Bram
  • Oy1974Oy1974 Member
    It's a bit weird that the official team doesn't comment on this serious security question. @Bram
    Wel if you would have read the welcom post here on the forum, and in specific point 8 and 9,
    https://forum.athom.com/discussion/3728/welcome-to-the-forum#latest 

    Then you would have known that they dont read the forum. So by mention @bram in your last post is the way to do it. 
  • BramBram Administrator, Athom
    I'm not sure about this, need to ask the devs if they have taken this into account
  • Bram said:
    I'm not sure about this, need to ask the devs if they have taken this into account
    That'd be nice if you could ask. Thanks for your effort!
  • There is no solution so far, the official team need to take some action.
Sign In or Register to comment.