Overview
The WVC wireless mesh uses 128-bit symmetric-key encryption with automatic key rotation to secure all communication between the knob and the base station. This article explains how the security model works and why the system is not susceptible to interception or signal hijacking by consumer RF devices.
How the Encrypted Mesh Works
First-Time Pairing
When a knob connects to a base station for the first time, the two devices establish a secure session. Add a caveat: until dynamic key negotiation completes (which requires firmware >= 3.0.0 on both ends), the link operates under a shared standard key. Once negotiation succeeds, the pair switches to a uniquely-derived 128-bit key set used only for that link.
From the point session keys are in place onward, every data packet (whether sent from the knob to the base station or vice versa) is fully encrypted using those keys. A new knob or unit added to the mesh later goes through the same pairing flow and is issued its own unique session keys.
Automatic Key Rotation
The base station periodically replaces the session keys with newly derived ones during normal operation. Rotation happens automatically in the background, on a schedule that depends on how much traffic is flowing on the link. Both devices confirm they have received the new keys before switching to them; the old keys are then discarded.
In effect, the encryption keys protecting your link are continuously and dynamically refreshed throughout every session. Even an attacker who managed to capture a single packet's encryption material would find that material useless within a short window.
Mesh Security
When a secondary WVC unit or an additional knob is added to the mesh, it goes through its own first-time pairing with the primary unit. That pair gets its own independent session keys, subject to the same rotation. Each device pair in the mesh has its own unique encryption keys that are continuously recycled, so capturing traffic on one link reveals nothing about any other link.
Why Signal Interception Is Not Practical
For an attacker to take control of the system, they would need to:
- Capture the encrypted wireless packets being transmitted.
- Recover the 128-bit session key in real time.
- Reverse-engineer the proprietary wireless protocol used over the link.
- Spoof the knob's network identity and replicate its encrypted packet structure correctly.
- Complete all of the above before the next key rotation invalidates whatever they captured.
No consumer RF device, including tools such as the Flipper Zero, has the computational capability to accomplish this. Recovering a 128-bit symmetric key in real time is well beyond the reach of consumer or hobbyist hardware. The continuous key rotation adds a second layer of protection: even a theoretical key recovery would have a very short useful life before the link rotates onto a new key.
Verifying Encrypted Comms on Your Unit
You can confirm that encrypted communications are active on the wireless knob at any time:
- Long-press the encoder on the knob to open the menu.
- Navigate to Knob Info.
- Confirm Encrypted Comms is shown as Yes.