Z-Wave Alliance ups security in home automation products
December 02, 2016
You're probably tired of hearing me say it, but it can't be stressed enough--security must be paramount in your design, whether it's a financial syste...
You’re probably tired of hearing me say it, but it can’t be stressed enough—security must be paramount in your design, whether it’s a financial system, a medical device, or a home-automation product. Don’t get caught closing the barn door after the cows have left, or whatever that saying is.
In attempt to shut that barn door, so to speak, the Z-Wave Alliance has announced some new security requirements for any IoT devices that comply with its standard. Z-Wave is a communications protocol that allows all types of home-automation products to interact seamlessly. This could include anything from thermostats and garage door openers to lights, locks, and alarm systems.
The Alliance’s Board of Directors recently mandated that all devices receiving Z-Wave Certification after April of next year must include the latest Security 2 (S2) framework, what it deems as the industry’s strongest levels of IoT security. This affects mostly smart-home devices and controllers, gateways, and hubs.
The S2 framework was developed by the Alliance, but with the help of leading cybersecurity hacking experts. If followed correctly, S2 removes the risk of networked devices being hacked, in theory at least, in their communications between the devices and the cloud.
By using a QR or pin-code on the device itself, the devices are uniquely authenticated to the network as well. This should thwart common hacks. In addition, for further protection, Z-Wave strengthened its cloud communication protocol, enabling the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel.