IoT tool vulnerable to downgrade attack

      Comments Off on IoT tool vulnerable to downgrade attack

IoT tool vulnerable to downgrade attackZ-Wave protocol is a radio frequency-based communications technology created to facilitate the management of Internet of Things appliances. Unfortunately, despite its sophisticated encryption system, Z-Wave is vulnerable to a downgrade attack – a protocol that forces computers to abandon their high-quality mode of operation in favour of a less effective older version. As a result, 100 million IoT connected devices have been left wide open to hacking.

Part of the problem lies in the fact that many IoT devices using Z-Wave have failed to upgrade to its new and more effective S2 security standard, continuing to use the older, less secure SO version.

Silicon Labs, the company behind Z-Wave, has installed alerts to warn users when security on their devices has been downgraded. However, IoT device manufacturers are failing to pass this on to their customers – leaving them floundering in the dark.