Home Resources Blog Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers

Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things (IoT) devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices.

The issue resides in the implementation of Z-Wave protocol—a wireless, radio frequency (RF) based communications technology that is primarily being used by home automation devices to communicate with each other.

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

Dubbed Z-Shave by the researchers, the downgrade attack makes it easier for an attacker in range during the pairing process to intercept the key exchange, and obtain the network key to command the device remotely.

Researchers found the vulnerability while comparing the process of key exchange using S0 and S2, wherein they noticed that the node info command which contains the security class is being transferred entirely unencrypted and unauthenticated, allowing attackers to intercept or broadcast spoofed node command without setting the security class.

A hand reaching towards various technology and industry icons on a blue background.
Image Source

Read more: The Hacker News

Latest Articles

Web Security
SAST vs DAST vs IAST: Application Security Testing Explained

A great majority of security flaws are introduced during development, but most aren’t found until much later, when they’re costlier to fix. That delay is precisely why application security testing (AKA AppSec testing) needs to occur early, frequently, and at multiple layers. SAST, DAST, and IAST are designed to do just that. But too often, […]

Shalom Carmel
10th June, 2025
Web Security
Application Security Frameworks: A Practical Guide to OWASP SAMM, ASVS, and More

As teams ship faster in cloud-native environments, the attack surface grows just as quickly. This makes application security a moving target. Yet most AppSec programs still feel like patchwork. Teams rely on ad hoc policies, chase compliance, or struggle to scale controls across the SDLC. Application security frameworks change that. They give you a structure […]

Shalom Carmel
10th June, 2025
Web Security
Application Security Best Practices: A Lifecycle Approach for Modern Teams

Application security isn’t just a developer’s concern or a security team’s checklist anymore. It’s a full-spectrum challenge that cuts across the software lifecycle, from the code you write to the containers you deploy to the pipelines and people in between. In 2024 alone, researchers flagged over 40,000 software vulnerabilities, most of which were inherited through […]

Shalom Carmel
7th June, 2025
Back to Resources

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services