Z-Wave Alliance Ups Security Requirements for All Z-Wave Certified IoT Devices
The Z-Wave Alliance has adding a security requirement to its long-standing interoperability certification. This addition to its certification program will require manufacturers to adopt the strongest levels of IoT security in the industry. The Alliance Board of Directors has voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after April 2, 2017. The security measures in S2 provide the most advanced security for smart home devices and controllers, gateways and hubs in the market today.
The Z-Wave Alliance, along with its Board of Directors and members, have been working for the past several years to develop world-class security for its devices as the IoT expands into every modern household in the U.S. and across the globe. A 2016 survey by Intel Security(1) showed that two-thirds of consumers are worried about cybersecurity of connected devices and recent incidents involving popular brands demonstrates the real need for industry leadership.
Z-Wave’s S2 framework was developed in conjunction with cybersecurity hacking experts, giving the already secure Z-Wave devices, new levels of impenetrability. By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also completely removes the risk of devices being hacked while they are included in the network. By using a QR or pin-code on the device itself the devices are uniquely authenticated to the network as well. Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH). Finally, Z-Wave also strengthened its cloud communication, enabling the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, removing vulnerability.
The changes to Z-Wave’s technical certification program, which is administered through 3rdparty test facilities in Europe, US and Asia, first established to test and certify Z-Wave devices in 2005 will check that all S2 security solutions, which contain rules for command classes, timers and device types are correctly implemented.
Here are more details about it.
More Stories Like This
A ‘Cascade of Failures’ Led to Microsoft Exchange Online Intrusion of Summer 2023
In the summer of 2023, a Chinese hacking group tracked as Storm-0558 compromised Microsoft’s cloud, eventually leading to the breach of hundreds of thousands of emails, including those email accounts of U.S. government officials in charge of managing our relationship with China (Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China […]
Which U.S. States Are Most Vulnerable to Cyber Crimes?
A new study conducted by researchers at TorGuard, an online protection company, has revealed the states most at risk of internet crime — and Alaska ranks #1. The TorGuard team analyzed data from the recently updated FBI Internet Crime Report to produce a list of the states most at risk of a cyberattack. The research […]
Study Reveals States Whose Residents Are the Most Anxious About Cybersecurity
New data reveals which U.S. states search for cybersecurity-related issues the most. The data, compiled by the research team at cloud security company AccuKnox, analyzed search terms related to cybersecurity across every U.S. state to establish which states are the most worried about cybersecurity. Vermont takes the crown as the state most worried about cybersecurity, […]