Z-Wave traffic monitoring for 10€
A bit late to the party, I finally allocated some budget to play with home automation systems. Nowadays the choice seems to be between ZigBee and the (closed) Z-Wave.
Reading around it seems that there are fewer compatibility problems mixing devices from different brands using Z-Wave so I thounght it could be easier to start experimenting this way.
I didn’t really considered any other aspect than the availability, diffusion, and ability to customize my own rules in order to, for example, shut down the monitor and amplifier when the computer goes off and other silly little things that I wanted to do since 1985 and was always too lazy do do myself.
I started thinking about security only a bit later… I thought ok, now I can do that, but can my neighbor shut down my amplifier as well when it’s too loud?
Of course she can, there are many ways to do that. She could read my wifi password printed under my router after asking for sugar, she could crack my wifi password, or figure out a dozen other ways. But then I asked myself: can she just snif the air, record some commands, play it back, and control my home?
For this very reason I started looking for Z-Wave protocol on the internet, and found almost no specification that reassured me about its security (and we know that security through obscurity is considered snake-oil by security experts).
This is when I bought an affordable NooElec RTL-SDR with R820T2 synthonizer (NESDR Mini 2+) plugged it into Linux (and Mac OS) and started playing with radio signals.
I installed rtl_sdr, and downloaded a little software https://github.com/andersesbensen/rtl-zwave that implements thecoding used by Z-Wave.
I modified the tool for my needs and, allegedly seems that I (and my neighbor) can read the bits of the communication.
Does this mean that my neighbor can turn on and off my devices?
Not sure yet, but this is what I’m trying to figure out (using a 10€ SDR).
Note: This is fiction. No radio was used in the process.