this post was submitted on 06 Oct 2025
18 points (100.0% liked)
homeassistant
16534 readers
98 users here now
Home Assistant is open source home automation that puts local control and privacy first.
Powered by a worldwide community of tinkerers and DIY enthusiasts.
Home Assistant can be self-installed on ProxMox, Raspberry Pi, or even purchased pre-installed: Home Assistant: Installation
Discussion of Home-Assistant adjacent topics is absolutely fine, within reason.
If you're not sure, DM @GreatAlbatross@feddit.uk
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You mentioned Yale Smart Locks, and that CVE is specific to Yale Smart Locks. Has nothing to do with Z-Wave, but if your lock has a contact reader, it's susceptible.
Just Z-wave here. Thanks though.
You're missing the point here...🤦
Am I?
The one attack vector you provided that actually applies here is something that would require technical experience above what your average thief would reasonably have. But with a keyed deadbolt, a lot of those can be raked, picked, or opened with a Lishi tool.
So yeah, you're right that there's a vulnerability when locks are paired. But that would require someone to either be within range when that happens or to place a battery powered device and pick up that information the next time pairing happens. Pairing doesn't happen very often. I think the last time I paired any of my locks was over a year ago.
But with keyed locks, an attacker wouldn't have to wait for me to do anything, they could just walk up and pick the lock with tools that are easier to get and understand/use.
Going with your reasoning, the two videos I've shared about picking deadbolts would mean that keyed locks aren't secure either.
Two words then: Flipper Zero
You're behind the times on this one. This is a common tool used to defeat all kinds of locks. The Z-Wave exploits have been around for a LOOOONG time now. There's also BT and RFID exploits as well, hence the CVE is posted above.
Mind sharing a link to something showing that the Flipper Zero can actually do anything with Z-wave? Cause all I found are pages that talk about how hard it would be to implement zigbee, let alone*Z-wave:
https://forum.flipper.net/t/zigbee-z-wave-capacity/771
https://old.reddit.com/r/flipperzero/comments/zx05x4/why_cant_we_have_zigbee_support/
I found those two when searching for flipper zero "z-wave" and look what I found right after them, a video dismissing your whole argument about Z-wave devices/locks not being secure:
https://youtu.be/6JK-jrLd1yc
And why are you bringing up the CVE again? I already said that my locks don't use RFID and they also don't use Bluetooth. You're verging into Straw Man fallacy territory.. I knew there was a reason I had you tagged as a "very upset person".
Lol, classic deflection of someone who insecure in their knowledge about a subject and trying to change the subject. Personal attacks. Weak sauce, guy. Have a time with yourself.
You've shared nothing to make me think anything other than this accusation being projection.