Hacking Z-Wave (Home Wireless Security) and a Corporate Data Solution called WWPass (two upcoming Hacker Hotshots!)

Hacking Z-Wave (Home Wireless Security) and a Corporate Data Solution called WWPass (two upcoming Hacker Hotshots!)

Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News | October 9, 2013

This blog post makes us one year old! This makes us feel very proud! Thank you for your support, especially with our Hacker Hotshot web shows in which we also reached a milestone of one hundred shows two weeks ago.

On the subject of Hacker Hotshots, here are this week’s action packed events: “Honey, I’m home!! – Hacking Z-Wave Home Automation Systems” with Behrang Fouladi and “The Annihilation of Usernames and Passwords (For Real)” with Gerry Texeira. Both of these shows will be live on Thursday starting from 12 EST and 12.45 EST respectively.

Honey, I’m home!! – Hacking Z-Wave Home Automation Systems
With Hacker Hotshot Behrang Fouladi
This Thursday (tomorrow) October 10th at 12pm EST/ 9am PST

Behrang Fouladi works as a Security Researcher at SensePost and has been involved in vulnerability research and code reverse engineering since the early 200’s. One of his current areas of interest is Machine-to-Machine (M2M) security. This presentation and talk is all about ‘home automation’. In particular, Behrang is going to share with us the following three points:

  • How home automation works
  • How home automation security works
  • How it could be subjected to cyber attacks

What is Z-Wave?
Z-Wave is a wireless communications protocol that was developed to enable security and automation for end-users in the home (or business). Specifically, the technology was designed to allow users to execute and manage home automation via remotely control and access. The technology and protocol uses a low-power RF radiothat can be retrofitted into home electronics devices and systems. A typical usage of Z-Wave would be in controlling lighting and household appliances.

How does Z-Wave work?
Z-Wave communicates by transmitting low-power wireless signals. The Z-Wave wireless protocol has been designed with reliability in mind by producing low-latency communication by sending very small data packets with data rates up to 100Kbps. Think of WiFi as being the opposite, i.e. much faster, especially the latest 802.11ac, which as as side note, was the subject of a Hacker Hotshot presentation titled: “802.11ac Packet Capture”.

Worth mentioning as well that there is a project called open-zwave that seeks to provide free support to hobbyists. There is also a Raspberry Pi Z-Wave product called Razberry that might be of interest. Another project which should be included within this post and which has a slightly more defined security role is ZoneMinder. ZoneMinder is a stack of applications that allow the user to control a complete surveillance solution. If you are interested in home security then ZoneMinder is certainly worth checking out. The software essentially lets the user capture, monitor and record CCTV and/ or security cameras. As far as we can tell ZoneMinder only operates in a Linux environment.

Immediately after Behrang’s presentation is Gerry Texeira (at 12.45 EST) with “The Annihilation of Usernames and Passwords (For Real)”

The Annihilation of Usernames and Passwords (For Real)
With Hacker Hotshot Gerry Texeira
This Thursday (tomorrow) October 10th at 12.45pm EST/ 9.45am PST

Gerry works for WWPass and will be talking about authentication solutions for the enterprise. Here are the three salient points that Gerry will address:

  • The shortcomings of authentication (i.e. usernames and passwords)
  • How certain two-factor authentication technology enables true anonymity of personal and corporate assets through network encryption and the fragmentation and dispersion of data.
  • Why their solution, WWPass PassKey, is a multi purpose security token that can relieve the burden of IT in managing credentials and certificates.

What is WWPass?
WWPass technology offers extremely tough authentication by using a cloud-based solution that only allows one access device (called a “PassKey”) to manage one or more certificates. The end result is that employees can use their own keys to securely access corporate data.

If you are interested in WWPass then you should also take a look at another similar Hacker Hotshot we had back in 2012 with Ryk Edelstein titled: “The Cicada Solution.” Ryk’s company also offer security through the use of a ‘key’ or portable USB.

In Summary
As always, we have two excellent Hacker Hotshot talks this week and we are very grateful to both speakers for having taken the time to talk to our community about their respective research and products. The Z-Wave talk by Behrang will be a very helpful insight into those interested in home (business) automation and security (and of the course the hacking of Z-Wave and home security!) whilst Gerry will offer a solution to toughen up your corporate data and security!

Please join us and either interact during or after the shows or drop a comment or question below that we can ask the speakers on your behalf.

Leave a comment or reply below...thanks!