We are at Black Hat 2013 this week and have seen some really cool hacks. Today, we saw “Honey, Im Home!! Hacking Z-Wave Home Automation Systems" presented by Behrang Fouladi and Sahand Ghanoun. They demonstrated how easy it is to unlock someones house with a laptop and a sub-$75 radio card. While you can encrypt your data and add protections to prevent packet replay, if you assume the other end is always friendly you can have a problem.The Z-Wave protocol uses a pre-shared key to encrypt a proper random number for use as the key for AES encryption of the connection. Teasing the pre-shared key out of the devices wasnt interesting to the researchers. They found an easier method.The demo involved forcing a controllable dead-bolt lock using the protocol stack to rekey with a new home-controller: a human sitting at a laptop with a cheap radio. Once the dead-bolt rekeyed, it accepted the humans unlock command and opened the door.Public-key cryptography can solve this problem. Providing a method for your home automation equipment to trust each other will give you the physical security you desire with your dead-bolt locks.wolfSSL provides public-key authentication with industry standard bulk encryption in a small package. Please contact us today for more information.