Most current Z-Wave/Zigbee hacks require being present when the device is added.
There's usually a white paper presented at DefCon every year about it, but there haven't been any that give you control after the device has been included in a while.
I wouldn't know. I'm just saying most "Internet of Shit™" devices are cracked/broken and not very secure.
I really wish I had that "I work in IT, that's why all my devices are dumb items" tweet, it was really on the mark with regards to this sort of stuff.
If the device is actually secure AFTER installation, great. But I'm thinking the way into it is just to rip the device off (which is loud/easily caught I guess) if all-else-fails and you HAVE to get in.
I'm a software engineer for an IoT company. I don't have smart locks because I live in a shitty apartment and can't replace them, but I would have them otherwise.
I think the stuff that's really sketchy is the wifi-enabled stuff. That I might not trust, but I think the main exposure that would come from a zigbee/z-wave lock (beyond someone just picking it) is via your account with the IoT hub provider, which is as secure as any other internet account, but will let someone open your door.
There are solutions that can air-gap that stuff, the downside being then that you can only control it if you're on your home wi-fi, but it's possible.
When it comes down to it, someone can always just throw a brick through your window.
There will be an exploit, don't worry., Spirit of Mao isn't needed when Bluetooth/etc. can be cracked.
Can we call it MaoWare?
Fran Kranz voice: If you'd like.
Most current Z-Wave/Zigbee hacks require being present when the device is added.
There's usually a white paper presented at DefCon every year about it, but there haven't been any that give you control after the device has been included in a while.
I wouldn't know. I'm just saying most "Internet of Shit™" devices are cracked/broken and not very secure.
I really wish I had that "I work in IT, that's why all my devices are dumb items" tweet, it was really on the mark with regards to this sort of stuff.
If the device is actually secure AFTER installation, great. But I'm thinking the way into it is just to rip the device off (which is loud/easily caught I guess) if all-else-fails and you HAVE to get in.
I'm a software engineer for an IoT company. I don't have smart locks because I live in a shitty apartment and can't replace them, but I would have them otherwise.
I think the stuff that's really sketchy is the wifi-enabled stuff. That I might not trust, but I think the main exposure that would come from a zigbee/z-wave lock (beyond someone just picking it) is via your account with the IoT hub provider, which is as secure as any other internet account, but will let someone open your door.
There are solutions that can air-gap that stuff, the downside being then that you can only control it if you're on your home wi-fi, but it's possible.
When it comes down to it, someone can always just throw a brick through your window.