LF Audio | Help Center

Wireless Security

advanced

Overview

The WVC wireless mesh uses 128-bit AES encryption with automatic key rotation to secure all communication between the knob and base station. This article explains how the security model works and why the system is not susceptible to interception or signal hijacking by consumer RF devices.

How the Encrypted Mesh Works

Initial Handshake

When a knob connects to a base station for the first time, the two devices perform a cryptographic handshake. During this process:

  1. The base station generates a unique pair of 128-bit encryption keys (a Primary Master Key and a Local Master Key).
  2. The keys are exchanged between the knob and base station over the initial connection.
  3. Both devices confirm they share the same keys before any operational data is transmitted.

From this point forward, every data packet — whether sent from the knob to the base station or vice versa — is fully encrypted using these keys.

Automatic Key Rotation

The base station tracks the number of encrypted messages exchanged with each peer. After every 1,000 messages, the base station initiates a new key negotiation over the already-encrypted channel. Both devices confirm receipt of the new keys before switching to them. The old keys are then discarded.

This means the encryption keys are continuously and dynamically replaced throughout every session — typically rotating multiple times per hour during active use.

Mesh Security

When a secondary WVC unit is added to the mesh, it shares a separate unique key with the primary unit. That key is also subject to the same rotation schedule. Each device pair in the mesh has its own independent encryption key that is continuously recycled.

Why Signal Interception Is Not Practical

For an attacker to take control of the system, they would need to:

  1. Capture the encrypted wireless packets being transmitted
  2. Decrypt the 128-bit key in real time
  3. Reverse-engineer the proprietary wireless protocol
  4. Spoof the knob's MAC address and replicate its encrypted packet structure
  5. Complete all of the above before the next key rotation invalidates the captured key No consumer RF device — including tools such as the Flipper Zero — has the computational capability to accomplish this. Breaking 128-bit encryption in real time would require hardware far beyond what is currently available outside of nation-state-level resources.

Verifying Encrypted Comms on Your Unit

You can confirm that encrypted communications are active on your knob at any time:

  1. Hold the top button on the knob to enter the menu.
  2. Navigate to Device Info → Knob Info.
  3. Confirm Encrypted Comms is shown as On.