Z-Wave Alliance unveils new security requirements for its Z-Wave certified IoT devices

The Z-Wave Alliance, an open consortium of companies deploying the Z-Wave smart home standard, extending its position by adding a security requirement to its interoperability certification. This becomes an important addition to its certification program that will require manufacturers to adopt the strongest levels of IoT security in the industry.

The Alliance Board of Directors has voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after Apr. 2, next year. The security measures in S2 provide advanced security for smart home devices and controllers, gateways and hubs.

Z-Wave technology is an open internationally recognized ITU standard with over 1500 certified interoperable products. Represented by the Z-Wave Alliance, and supported by more than 375 companies globally, the standard is a key enabler of smart living solutions for home safety and security, energy, hospitality, office and light commercial applications.

Z-Wave’s S2 framework was developed in conjunction with cybersecurity hacking experts, giving the already secure Z-Wave devices, new levels of impenetrability. By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also completely removes the risk of devices being hacked while they are included in the network.

By using a QR or pin-code on the device itself the devices are uniquely authenticated to the network as well. Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH).

Z-Wave also strengthened its cloud communication, enabling the tunnelling of Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, removing vulnerability.

The changes to Z-Wave’s technical certification program, which is administered through third party test facilities in Europe, US and Asia, first established to test and certify Z-Wave devices in 2005 will check that all S2 security solutions, which contain rules for command classes, timers and device types are correctly implemented.

The Z-Wave Alliance, along with its Board of Directors and members, have been working for the past several years to develop global security for its devices as the IoT expands into every modern household in the U.S. and across the globe.

A 2016 survey by Intel Security showed that two-thirds of consumers are worried about cybersecurity of connected devices and recent incidents involving popular brands demonstrates the real need for industry leadership.

“This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously,” commented Mitchell Klein, executive director of the Z-Wave Alliance. “No one can afford to sit on their hands and wait — consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”

In May this year, Nokia has joined its membership to advance their smart home business strategy. Nokia connects people and things, while delivering technology offerings to help communication service providers, governments, and large enterprises provide on the promise of 5G, the cloud and the Internet of Things. As Z-Wave is one of the key wireless IoT platforms being used in residential applications, Nokia is implementing Z-Wave in its latest generation of smart home gateway products. Nokia joined at the time almost 400 additional Z-Wave Alliance members in supporting the Z-Wave standard in smart homes around the world. Z-Wave has experienced unprecedented growth in the past year, with a 25 percent increase in members and over 50 million devices shipped globally.


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.