popular Posted by Skillful_Pickle | Staff • Jul 15, 2024
Jul 15, 2024 3:39 PM
Item 1 of 1
popular Posted by Skillful_Pickle | Staff • Jul 15, 2024
Jul 15, 2024 3:39 PM
Yale Push Button Deadbolt Lock with Z-Wave $72 + Free Shipping
$72
$200
64% offDaily Sale
Get Deal at Daily SaleGood Deal
Bad Deal
Save
Share
Leave a Comment
48 Comments
Sign up for a Slickdeals account to remove this ad.
It's legit. A lot of these "sale websites" are the same company just different names. Daily "Insert Word". Some are drop shippers and some are shipping from a centralized warehouse.
Our community has rated this post as helpful. If you agree, why not thank flipontheradio
It does not offer zwave plus and only has S0 security that has known vulnerabilities.
This is a terrible price for the YRD110 model.
Our community has rated this post as helpful. If you agree, why not thank flipontheradio
S0 only. The only module that supports S2 is the 700 series module and it will not work in these locks. Yale doesn't even sell that module directly to consumers you have to buy it on eBay. These only support the legacy 300 series, non zwave plus, module.
It does not offer zwave plus and only has S0 security that has known vulnerabilities.
This is a terrible price for the YRD110 model.
A noticeable vulnerability, but not likely one you have to worry about. Someone would have to be actively targeting you while you are in the brief window of installing and pairing.
Sign up for a Slickdeals account to remove this ad.
Our community has rated this post as helpful. If you agree, why not thank flipontheradio
A noticeable vulnerability, but not likely one you have to worry about. Someone would have to be actively targeting you while you are in the brief window of installing and pairing.
Yes it's supported. This is a good price.
It will eat batteries.
If it does, they will want you to buy the zwave module ($90) yourself so make sure to ask them to make an exception and include it.
It does not offer zwave plus and only has S0 security that has known vulnerabilities.
This is a terrible price for the YRD110 model.
I could be wrong, and it is a 300 series device. But even still, it does have S0 security.
Edit - I was incorrect, and this is a 300 series device. But it does have encryption with S0 security.
S0 security is encrypted, as is S2. As mentioned in the full paper you linked (if you do a text search on s0), s0 security has the vulnerability I mentioned of possibly capturing the shared key during inclusion, but the rest of the attacks mentioned are in relation to fully unencrypted devices that lack even s0 security.
Also the zwave alliance lists this as NOT being zwave plus https://products.z-wavealliance.o.
Capturing the key during inclusion was known as the z"shave" vulnerability and involves dropping S2 down to S0 during inclusion which this module is not capable of.
The 500 series module that yale sells ALSO does not support S2 security, source: I bought it and you can read the reviews.
Did I miss any of your points?
Ah yes, and per the CVE bulletin, 300 series DO NOT SUPPORT ENCYPTION CVE-2020-9057 https://www.kb.cert.org/vuls/id/1...exhaustion.
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption.
Also the zwave alliance lists this as NOT being zwave plus https://products.z-wavealliance.o...ucts/1039/ [z-wavealliance.org] and ALL 500 series chips MUST be "plus" certified. https://www.silabs.com/wireless/z...es-modules [silabs.com]
Capturing the key during inclusion was known as the z"shave" vulnerability and involves dropping S2 down to S0 during inclusion which this module is not capable of.
The 500 series module that yale sells ALSO does not support S2 security, source: I bought it and you can read the reviews.
Did I miss any of your points?
Ah yes, and per the CVE bulletin, 300 series DO NOT SUPPORT ENCYPTION CVE-2020-9057 https://www.kb.cert.org/vuls/id/1...exhaustion [cert.org].
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption.
However, you are incorrect in stating it does not support encryption. This device has S0 security. My point on S0 security being encrypted is still accurate. Downgrading S2 to S0 during inclusion is a possibility for some newer devices that support S2, so they can be more compatible (if your zwave controller isn't new enough to support S2). But while that opens you back up to the vulnerability of having your shared key getting captured by an attacker during the window of inclusion, it is not the same as a zwave device with no encryption at all.
Sign up for a Slickdeals account to remove this ad.
However, you are incorrect in stating it does not support encryption. My point on S0 security being encrypted is still accurate. Downgrading S2 to S0 during inclusion is a possibility for some devices that support S2, so they can be more compatible (if your zwave controller isn't new enough to support S2). But while that opens you back up to the vulnerability of having your shared key getting captured by an attacker during the window of inclusion, it is not the same as a zwave device with no encryption at all.
CVE-2020-9057
Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption.
If you want to add a hot piece of legacy garbage to your zwave network then please do. Slickdeals will HAPPILY take their comission. I had 2 of the key lock version of this. It EATS batteries and brought my network to a standstill with repeated timeouts and retrys. That was with smartthings, hubitat, and home assistant (On Nortek 500, Zooz 700, and 800 usb sticks).
Leave a Comment