s
This is living! Blog
  • How secure is your FIBARO Home Automation System?
  • Terence Chang
  • AppleFibaroHome AutomationHome SecurityiPhoneLiferoomeSmart HomeVideoWIFIWirelessZ-Wave
How secure is your FIBARO Home Automation System?

Update: A new video is uploaded to address the inaccurate content in relation to the Admin and Remote Access features of FIBARO Home Automation System.

Recently, there are many reports discussing security holes on smart devices and home automation systems.

At Liferoome, we believe the FIBARO Home Automation system is one of the most secure system on the market today.  Check out the video below so you can make up your own mind.



Reputable home automation manufacturers such as FIBARO will always act quickly to issue security & firmware updates as and when they become aware of vulnerability to minimise the risk to their customers.

Furthermore, you can minimise risks if you observe the following general security best practices.

  • Use strong passwords
  • Keep your passwords in a safe place
  • Maintain security patches (operating system & software)
  • Don't open suspicious emails
  • Don't click on suspicious links
  • Don't run scripts/software from untrusted sources
  • Ensure your home WiFi network is password protected (and WPA2 encrypted)
  • Maintain up-to-date Anti-virus software
  • Take precautions on social networking sites
Most importantly, backup your data.

  • Terence Chang
  • AppleFibaroHome AutomationHome SecurityiPhoneLiferoomeSmart HomeVideoWIFIWirelessZ-Wave

Comments on this post ( 2 )

  • Mar 18, 2015

    Hi Dave,

    Thanks for your comments.

    In response to your concerns regarding the vulnerability of the encryption keys used between Z-wave devices and the controller, you will be glad to know that Z-Wave employs AES128 using a onetime value for each frame sent to/from devices. Decrypting this is well beyond the reach of all but the best-funded government agencies

    A small number older Z-Wave devices do have a weakness that an attacker may be able to exploit, but it requires a sniffer and for the attacker to be present when the devices are being added first time to the Z-Wave network.

    These devices perform a key exchange with the home controller when they first join the network and if an attacker were to be there with a sniffer when this takes place, they may be able to intercept this key and use it to encrypt\decrypt traffic.

    This window is obviously very narrow, but might be able to be abused by someone with malicious intent.

    Moreover, Z-Wave packet interception and injection require not only the attacker to be physically present during the network setup process, but also to time this at the exact moment to packet sniff when the devices are being setup for the first time.

    There are articles on the Internet that you can find out more about this.

    In short, such vulnerability isn’t due to a flaw in the Z-Wave protocol specification, but by the device vendor’s implementation (error) in disabling the use of temporary key after initial network key exchange during inclusion of a node to the network. I am only aware of one vendor’s battery operated door lock implemented this way. We obviously don’t sell this product.

    The other great thing is that all Z-Wave devices must pass product certification through strict guidelines imposed by Z-Wave Alliance to ensure interoperability and security. You should only ever purchase certified Z-Wave products.

    Finally, Fibaro is one of the premium vendors and is a member of the Z-Wave Alliance, this means customers can have buying confidence in purchasing products from a reputable business that have customer centric support and resources to address security related issues reported quickly.

    We at Liferoome are a proud member of Z-Wave Alliance and we believe the security of the Z-Wave wireless protocol is superior to WiFi and other competing standards.

    Note: We understand Apple HomeKit will also work with Z-Wave devices.

    Hope it makes sense.

    Terence

    — Terence Chang

  • Mar 18, 2015

    I found this article interesting because I am considering the Fibaro system. Most of what is stated in the updated video is common sense but there is absolutely no harm in stressing the benefits of strong passwords etc.

    My concern regards the vulnerability of the encryption keys used between the z-wave devices and the controller. I do not claim to have the skills of a hacker but with a basic knowledge of encryption and you tube videos I think I could do it. So I guess my question is has the vulnerability been removed in more recent versions of these devices ?

    — Dave

Leave a comment