{"id":1497,"date":"2018-05-25T19:27:18","date_gmt":"2018-05-25T19:27:18","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132295"},"modified":"2018-05-25T19:27:18","modified_gmt":"2018-05-25T19:27:18","slug":"millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/","title":{"rendered":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/25143329\/IOT_home_automation.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers.<\/p>\n<p>Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in an estimated 100 million smart devices ranging from door locks, lighting, heating systems and home alarms, according to Pen Test Partners, who released a <a href=\"https:\/\/www.pentestpartners.com\/security-blog\/z-shave-exploiting-z-wave-downgrade-attacks\/\">report on the vulnerability on Wednesday<\/a>.<\/p>\n<p>According researchers, today\u2019s Z-Wave systems are configured to support a \u201cstrong\u201d S2 Z-Wave pairing security process. However, a proof-of-concept (PoC) attack demonstrates how a hacker could downgrade the higher S2 standard to a weaker S0 pairing standard, which allows an adversary to steal an encryption key and expose a device to compromise.<\/p>\n<p>The PoC attack involved a hacker within RF range at the time a controller pairs with the IoT device.<\/p>\n<p>\u201cZ-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices (\u2018nodes\u2019) when the devices are paired. The keys are used to protect the communications and prevent attackers exploiting joined devices,\u201d researchers explained.<\/p>\n<p>A nearly identical pairing issue was identified by researchers <a href=\"https:\/\/sensepost.com\/cms\/resources\/conferences\/2013\/bh_zwave\/Security%20Evaluation%20of%20Z-Wave_WP.pdf\">at SensePost in 2013<\/a> (PDF), prompting Z-Wave owner Silicon Labs to develop the new pairing process S2. The problem with the old mechanism was \u201cthe network key was transmitted between the nodes using a key of all zeroes, and could be sniffed by an attacker within RF range,\u201d researchers said.<\/p>\n<p>But since the introduction of S2, a similar attack scenario has been devised by Pen Test Partners. \u201cWe have shown that the improved, more secure pairing process (\u2018S2\u2019) can be downgraded back to S0, negating all improvements,\u201d researchers said.<\/p>\n<p>Researchers noted that when a Z-Wave device is using the weaker S0 security (and not the S2 flavor), the S2 controller will notify the user when S0 security is being used, after the fact. \u201cWe feel this will be ignored or overlooked,\u201d researchers said.<\/p>\n<p>On Wednesday, Silicon Labs <a href=\"https:\/\/www.silabs.com\/community\/blog.entry.html\/2018\/05\/23\/tl_dr_your_door_is-g1zC\">posted a blog addressing<\/a> the Pen Test Partners research, stating the PoC took advantage of a backwards-compatibility feature that allowed S2 devices to work on S0 networks. It also stated emphatically that this is not a vulnerability.<\/p>\n<p>\u201cIt was a conscious choice of the Z-Wave Alliance to discount this non-vulnerability in order to offer partners and customers backwards compatibility so that they didn\u2019t need to replace their gear,\u201d said Lars Lydersen, senior director of product security at Silicon Labs, in an interview with Threatpost.<\/p>\n<p>Lydersen said, an attack is extremely improbable given the requirements of specialized equipment, proximity to the RF network, forcing a controller reset and hacking the pairing session in the 20 milliseconds window it\u2019s vulnerable to attack.<\/p>\n<p>\u201cThe smart home controller or gateway will always notify the user if S2 is reverted to S0 during the installation process,\u201d the post states.<\/p>\n<p><strong>How The Attacks Work<\/strong><\/p>\n<p>The attack exploits the fact that devices supporting the stronger S2 pairing use a type of programming \u201ccommand class\u201d code. That code is used in the process of communicating between the controller and IoT device during pairing.<\/p>\n<p>\u201cThe node info command is entirely unencrypted and unauthenticated. This leads to us being able to spoof it, removing the COMMAND_CLASS_SECURITY_2 command class. The controller then assumes that the device does not support S2, and pairs using S0 security. The attacker can now intercept the key exchange, obtain the network key and then command the device,\u201d researchers described.<\/p>\n<p>In one attack scenario against a Yale Conexis L1 smart lock, researchers were able to use a controller and downgrade the device to the S0 pairing security. The PoC attack then allowed researchers to lock and unlock device at will.<\/p>\n<p>Another attack scenario involves triggering an IoT device to send pairing data by replacing a battery making it possible for an adversary to \u201cto sniff, modify and then send the data on.\u201d<\/p>\n<p>\u201cThe third method involves active jamming using an RFCat,\u201d researchers wrote. RFCat is a USB radio dongle capable of transmitting, receiving and snooping radio frequencies. \u201cAn attacker can continuously listen for the node info from the genuine node. As soon as the home ID has been obtained, they can actively jam the rest of the packet, preventing the node info from being received.\u201d<\/p>\n<p>Pen Test Partners say the issue is a standards and implementation concern, and are critical of what they say is Silicon Labs lethargic response to securing its platform. \u201cWe\u2019re not particularly happy that the Z-Wave Alliance appears to have been aware of the downgrade attack, but hasn\u2019t really addressed it,\u201d researchers wrote.<\/p>\n<p>Despite the fact Silicon Labs doesn\u2019t consider the pairing issue a vulnerability, the company said it plans on taking steps to further ensure its customers make informed decisions when downgrading. Johan Pedersen, product marketing manager, Z-Wave IoT, said it would soon change the way it notified customers that their device was going be downgraded using the S0 pairing method. \u201cInstead of notifying customers that the pairing was going to take place after the fact, we will be notifying them of the pairing beforehand,\u201d he said.<\/p>\n<p>READ MORE <a href=\"https:\/\/threatpost.com\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/132295\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Millions of IoT devices based on the Z-Wave wireless protocol are vulnerable to a downgrade attack during pairing sessions. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1498,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[790,77,19,791,792],"class_list":["post-1497","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-downgrade-attack","tag-iot","tag-vulnerabilities","tag-z-shave","tag-z-wave-alliance"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-25T19:27:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"574\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim\",\"datePublished\":\"2018-05-25T19:27:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/\"},\"wordCount\":869,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg\",\"keywords\":[\"Downgrade Attack\",\"IoT\",\"Vulnerabilities\",\"Z-Shave\",\"Z-Wave Alliance\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/\",\"name\":\"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg\",\"datePublished\":\"2018-05-25T19:27:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg\",\"width\":700,\"height\":574},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Downgrade Attack\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/downgrade-attack\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/","og_locale":"en_US","og_type":"article","og_title":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-25T19:27:18+00:00","og_image":[{"width":700,"height":574,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim","datePublished":"2018-05-25T19:27:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/"},"wordCount":869,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg","keywords":["Downgrade Attack","IoT","Vulnerabilities","Z-Shave","Z-Wave Alliance"],"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/","url":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/","name":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg","datePublished":"2018-05-25T19:27:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim.jpg","width":700,"height":574},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-iot-devices-vulnerable-to-z-wave-downgrade-attacks-researchers-claim\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Downgrade Attack","item":"https:\/\/www.threatshub.org\/blog\/tag\/downgrade-attack\/"},{"@type":"ListItem","position":3,"name":"Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1497"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1497\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1498"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}