One company that manufactures IoT chips present in millions of devices worldwide has a major security problem on their hands. Z-Wave chips are present in IoT end point devices from GE, Amazon, Schlage, Nest, Samsung, and nearly 2,400 other IoT device manufacturers. Their chips can apparently have their pairing security downgraded. This gives attackers almost immediate access to all Z-Wave devices on a network. The exploit is called Z-Shave, and it has been known about (and supposedly fixed) since 2013.
Z-Wave reached out in response and provided additional details about Z-Shave. Most critically, according to Raoul Wijgergangs, VP/GM of Z-Wave for Silicon Labs, and Lars Lydersen, senior director of product security, Silicon Labs, is that the vulnerability can’t be forced from outside a Z-Wave IoT network, and the window to take advantage of it is only 20 milliseconds.