There were some articles years ago about some Z-Wave locks that while capable of being included secure (S0) would default to non-secure.

And other articles displaying a vulnerability where if a hacker was present and listening at the moment of inclusion, they could shoe-horn themselves into the network.

Both of those were in reference to the older security model, now referred to as S0, which was replaced by S2.

If the device has correct S2 security support, uses the correct S2 security class (access control), and is included securely using the DSK, then you should be fine.

If you need to be certain of what a certain locks supports, check the z-wave alliance catalogue. Manufacturers product pages may screw you around and hide the information you need, the catalogue will show you supported security and command classes in a standard format.

Or alternatively, drop the battery powered lock completely and go for a hardwired electric strike set into the door frame, paired with an externally mounted keypad. More work to install, but this setup has been thoroughly battle tested in commercial spaces for decades.

That's the first time I've heard one of these getting hacked. Did he say how it was hacked? I know there are reports of users asking Alexa to open the doors from outside the home and that hack worked. I can tell you this. It's a ton easier to kick a door in than it is messing with hacking a lock so if someone wants in they'll get in.

Rupp,,

he was pretty tight lipped about the details. I quizzed him several times. Not sure he wanted backlash from Schlage. I used RekeyDFW.com



i agree it is easier to brake a window than hack a lock......

duh caveman vs high school geek

I'd be really suspicious about that report also. White-Hat hackers have broken into pretty much all of the various protocols at one point or the other, but you're talking about a bunch of REALLY smart people doing it as an intellectual exercise. The type of people doing residential burglaries aren't that smart. And even if they were, it's not cost effective when all they need to get in is a sledgehammer or a couple of heavy kicks. More likely, the homeowner did something stupid like not changing the default code. Or he just didn't lock the door. "I got hacked" is the burglary version of "My brakes failed" for a rear-end auto collision.

It also could have been something completely unrelated to the lock. The homeowner could have not secured his WiFi network, allowing someone to connect into it. The "hacker" then could have loaded up the Homeseer web page and do whatever he wanted, or do it some other way. I too am very suspicious of what we are not being told.

I feel very comfortable with my combo locks, including knowing that there is less chance of me forgetting my keys and getting locked out.

Rupp Alexa doesn't unlock the door for me. I think Amazon changed their API some time ago..