Regarding the Gibson review: IIRC, the discovered door lock vulnerability was limited to a specific lock manufacturer. Other locks by different manufacturers did not have the issue. If a proprietary chip is used by multiple manufacturers, then the vulnerability is not in the Z-Wave protocol, but rather in the vendor's product and its implementation of the protocol.
Gibson goes on to harp about Z-Wave being closed and proprietary, i.e. "security by obscurity", which is bad. Yet earlier in his video he describes security professionals not divulging what security products or operating systems they use as good, in fact an admirable practice. Isn't that "security by obscurity"?
I too am very invested in Z-Wave and want it to grow and improve. I have a somewhat different view regarding device manufacturers releasing all of the extended parameters up front. My stance is that I shouldn't have to read technical specs and documentation to determine what the switches do; rather, the HA software should present those switches with meaningful names and values in drop-down lists, check boxes, and radio buttons for configuration.