The Z-Wave Alliance is joining the many initiatives around Internet of Things security, which are growing each day as finally the security concerns regarding the Internet of Things have become more prominent.
The Z-Wave Alliance is a consortium of large companies which promote the Z-Wave smart home automation standard. It’s not that the Z-Wave Alliance didn’t work on IoT security of course but the announcements on new IoT security initiatives are growing every day and are clearly accelerating.
Z-Wave certification: new IoT security framework becomes mandatory
In order to be Z-Wave certified, manufacturers of IoT devices who want to be present in the Z-Wave ecosystem, will need to adhere to these new security requirements.
The new security framework, which is called the Z-Wave S2 framework, is mandatory for all Z-Wave certified products which want certification after April 2nd, 2017.
Consumers want trust and with the many IoT security issues discovered in recent months and the various IoT-enabled cyber-attacks in mind, all vendors and associations are taking measures.
More details on the new Z-Wave S2 security framework for smart homes
The Z-Wave Alliance claims that “the security measures in S2 provide the most advanced security for smart home devices and controllers, gateways and hubs in the market today.”
Mitchell Klein, executive director of the Z-Wave Alliance: “This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously. No one can afford to sit on their hands and wait — consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don’t act will be left behind.”
Z-Wave’s S2 framework was developed in collaboration with hacking experts and adds new security controls and levels of impenetrability.
From the press release: “By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also completely removes the risk of devices being hacked while they are included in the network. By using a QR or pin-code on the device itself the devices are uniquely authenticated to the network as well. Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH). Finally, Z-Wave also strengthened its cloud communication, enabling the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, removing vulnerability.”
Among the companies in the Z-Wave Alliance are ADT Corporation, LG U+ (the name for the new combination of LG Telecom, LG Dacom, and LG Powercom), Danfoss, Bosch, Deutsche Telekom, Logitech, Nokia, Sharp, Verizon, Panasonic, Nortek Security & Control, Jasco Products (a GE licensee), Sigma Designs, Ingersoll Rand, LG Electronics and many more.
Top image: Shutterstock – Copyright: Alexander Kirch – All other images are the property of their respective mentioned owners.