Aeotec Garage Door Controller Gen 5

Forums › Gadgets, robotics, home automation, electronics (including wearables) › Aeotec Garage Door Controller Gen 5 - Is it secure?

Paul1977

4983 posts

Uber Geek

#293261 10-Jan-2022 10:03

I have the open of purchasing an Aeotec Garage Door Controller Gen 5 (ZW062) from a friend who no longer needs it. I've hooked it up to try it out and it works fine, but I'm having trouble finding any info on how secure it is against hacking. The only other Z-Wave devices I use are lights, so I've never really worried too much about the security aspect until now.

It's paired with a Z-Stick Gen 5 and the Z-Wave info in Home Assistant for the Garage Door Controller says "Highest Security: None". That certainly doesn't sound secure!

I'm reading about legacy S0 security, and that newer Z-Wave locks are S2, but this doesn't seem to be either. So it's unclear to me how safe this controller is.

Can anyone more knowledgeable enlighten me on this?

Thanks

Home: Work:
Home Work

wellygary

8203 posts

Uber Geek

#2845997 10-Jan-2022 10:31

Ideally as a start things like home automation that rely on Cloud support should all be on a separate VLAN,

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

Paul1977

4983 posts

Uber Geek

#2846067 10-Jan-2022 12:42

wellygary:

Ideally as a start things like home automation that rely on Cloud support should all be on a separate VLAN,

It doesn't rely on any Cloud services, my issue is whether it's connecting to the Z-Wave network in a secure fashion. I.e. how difficult is it for someone in the physical vicinity of my house, and with the appropriate know-how, to open my garage door.

gehenna

8434 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2846123 10-Jan-2022 14:23

Probably the same level of difficulty as picking a lock with the appropriate know-how. First they have to know you're using that device. Then they have to know how to exploit any of its weaknesses. Easier to break a window.

Paul1977

4983 posts

Uber Geek

#2846567 11-Jan-2022 09:26

OK, so by initiating the pairing via Home Assistant instead of via the button on the Z-Stick it shows as "S0 Legacy" security. In the US it's now a discontinued product that hasn't been replaced; I'm waiting to hear back from Aeotec but I'm assuming it just doesn't support S2 since it was released before this became mandatory for new device certifications.

Because of how long it takes for these things to get NZ certification even after they are released in the US, I suspect it will be a long time before NZ sees a replacement model that supports S2. So if S0 this is still considered secure, I'd like to purchase it.

Does anyone with more Z-Wave knowledge than me know if it's an issue these days to have, what is a effectively, a home security/entry device that uses the old S0 encryption standard? The only specific vulnerability I've read about would require someone to be capturing data during the initial pairing, which would be incredibly unlikely; but other info and recommendations are hard to find.

I've never much liked the argument of "there are easier ways to break in, so it doesn't matter".

fearandloathing

497 posts

Ultimate Geek

ID Verified

Lifetime subscriber

#2846594 11-Jan-2022 10:37

I’ve tried a few things as a garage door opener now.
Belkin wemo maker
Fibaro smart implant
Shelly 1
Shelly 1 with temperature sensor add on (monitors state of reed switch)

All have used the same reed switch to see the garage door is closed

Z-wave never worked reliably in my house,
I had tried:
smart things
Vera lite
Vera plus

I found z-wave slow and unreliable
Secure inclusion was always a pain, with the device having to be next to the hub and really ever worked.

Wemo maker was great, but didn’t want the cloud service.

Smart implant was ok but slow

Shelly 1 with temperature add on is spot on, it will switch the garage lights on and off instantly, reliably (Controlled by Shelly 1pm)

Both the Shelly and smart implant were/are powered by 12v from the garage door opener.

Paul1977

4983 posts

Uber Geek

#2846602 11-Jan-2022 11:00

fearandloathing: I’ve tried a few things as a garage door opener now.
Belkin wemo maker
Fibaro smart implant
Shelly 1
Shelly 1 with temperature sensor add on (monitors state of reed switch)

All have used the same reed switch to see the garage door is closed

Z-wave never worked reliably in my house,
I had tried:
smart things
Vera lite
Vera plus

I found z-wave slow and unreliable
Secure inclusion was always a pain, with the device having to be next to the hub and really ever worked.

Wemo maker was great, but didn’t want the cloud service.

Smart implant was ok but slow

Shelly 1 with temperature add on is spot on, it will switch the garage lights on and off instantly, reliably (Controlled by Shelly 1pm)

Both the Shelly and smart implant were/are powered by 12v from the garage door opener.

I've actually found Z-Wave very reliable at my place with 12 lights (and now a test garage door opener). It took a bit of reading and tweaking device parameters at the beginning for the lights to get rid of delays, but it seems pretty bullet proof now - still have the very occasional delay, but these are usually caused by the HomeKit Brdige integration when using "Hey Siri" from my iPhone.

As a performance test I excluded and re-included all my lights as S0 legacy secure and didn't have too much trouble. They are throughout the entire house and I did them all without moving the hub (or switches). One in particular needed several tries, but the others were fine. But it turns out the S0 overhead added a slight delay, so for the lights I went back to their default insecure mode.

fearandloathing

497 posts

Ultimate Geek

ID Verified

Lifetime subscriber

#2846672 11-Jan-2022 11:26

Paul1977:

I've actually found Z-Wave very reliable at my place with 12 lights

I always suspected that my issue was a 'density' issue with Z-Wave, but wasn't willing to invest more in Z-Wave. The smart implant was the last of my z-wave stuff to go.

I still have the smart implant, if you want to make me an offer on it. It needs a 12v power source if you can get this from the garage door it will be a better solution IMHO.

If you need an external power supply for it maybe not.

Paul1977

4983 posts

Uber Geek

#2846720 11-Jan-2022 13:43

fearandloathing:

I always suspected that my issue was a 'density' issue with Z-Wave, but wasn't willing to invest more in Z-Wave. The smart implant was the last of my z-wave stuff to go.

I still have the smart implant, if you want to make me an offer on it. It needs a 12v power source if you can get this from the garage door it will be a better solution IMHO.

If you need an external power supply for it maybe not.

I like that the Smart Implant supports S2. Aeotec have confirmed their opener is only S0. But the Aeotec Opener functionally works very well with it's included tilt sensor.

While evrything I read says that S2 is more secure, nothing seems to suggests that S0 is in any way insecure (except for an unencrypted key exchange during the initial pairing). The biggest real world benefit of S2 seems to be the much lower network overhead and power consumption, which enables it to be used on any device.

So unless I'm corrected about this by someone, I'll likely just stick with the Aeotec. Thanks anyway.