10.04.17

Z-Wave bolsters security of IoT devices

Z-Wave Alliance logo with transparent background

The Z-Wave Alliance has unveiled stronger standards for all Z-Wave devices receiving certification.

The creators of the Z-Wave protocol are implementing “stricter security” standards designed to keep your connected homes safe from attack in light of recent hacking attempts targeted at devices on the network via fake traffic requests.

Z-Wave’s technical certification program (deployed throughout Europe, US and Asia), will now check that all S2 security solutions, which contain rules for command classes, timers and device types are correctly implemented in every new certified device.

Developed in conjunction with cybersecurity experts, the standards – first announced at the start of 2016 – are billed as the “Security 2” framework, or S2 for short and will come into effect immediately following a board of directors’ vote.

We are absolutely committed to making Z-Wave the safest, most secure ecosystem of smart devices on the global market,” commented Mitchell Klein, executive director of the Z-Wave Alliance.

Z-Wave has secured communication both locally for home-based devices and in the hub or gateway for cloud functions. Z-Wave say the changes “virtually remove the risk of devices being hacked while they are included in the network.”

Devices are uniquely authenticated to the network by a QR or pin-code on the device during setup as part of the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH).

Z-Wave has also strengthened its cloud communication, allowing the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, for added security.

The S2 framework is also designed to be backward compatible wherever possible, meaning devices may ask for a code displayed on the product during setup. Owners of Z-Wave devices can access the upgrade via a firmware update.