This is the forum archive of Homey. For more information about Homey, visit the Official Homey website.

The Homey Community has been moved to https://community.athom.com.

This forum is now read-only for archive purposes.

Homey S2 Security Support?

A serious Z Wave Security Flaw was unveiled today: 

https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/#disclosure

Question #1: As I see it, Homey doesn‘t support S2 security yet. When is this planed?
Question #2: Will there be a warning when somebody tries to exploit that bug and downgrade to S0 while connecting?

Comments

  • Would like to know this too
  • It was raised on slack too but no response from Athom.

    Imo Homey should show a warning of some kind when the inclusion is started secure but the device ends up added unsecure.
  • It's a bit weird that the official team doesn't comment on this serious security question. @Bram
  • It's a bit weird that the official team doesn't comment on this serious security question. @Bram
    Wel if you would have read the welcom post here on the forum, and in specific point 8 and 9,
    https://forum.athom.com/discussion/3728/welcome-to-the-forum#latest 

    Then you would have known that they dont read the forum. So by mention @bram in your last post is the way to do it. 
  • BramBram Member
    I'm not sure about this, need to ask the devs if they have taken this into account
  • Bram said:
    I'm not sure about this, need to ask the devs if they have taken this into account
    That'd be nice if you could ask. Thanks for your effort!
  • There is no solution so far, the official team need to take some action.
Sign In or Register to comment.