Z-Wave Alliance & CTA Fortify Smart Home Security

Addressing consumer concerns over smart home security and privacy, the Z-Wave Alliance has announced that it will require strict and uniform adoption of a new, advanced security protocol for all smart home devices submitted for certification.

The Consumer Technology Association (CTA) also recently announced that it is offering installers of smart home products a security checklist for installing and configuring internet-connected devices.

The Z-Wave Alliance’s board of directors voted unanimously in November to modify its certification process to require mandatory implementation of the new Security 2 (S2) framework, “the most advanced security for smart home devices and controllers, gateways, and hubs in the market today.”

The move follows a 2016 AT&T study in which 58 percent of the U.S. organizations surveyed reported a lack of confidence in the security of their connected devices. Nine out of 10 companies said they experienced at least one malware-related incident over a 12-month period with 58 percent acknowledging occasional or frequent malware threats.

“We are absolutely committed to making Z-Wave the safest, most secure ecosystem of smart devices on the global market,” said Mitchell Klein, executive director of the Z-Wave Alliance, “Our work, in conjunction with the entire Alliance membership, will ensure that developers, service providers, manufacturers, and consumers alike will look to Z-Wave as the most trusted solution with the highest levels of protection.”

Z-Wave’s certification program, which is administered through third party test facilities in Europe, the U.S., and Asia, will check for correct implementation of S2 security solutions in every new Z-Wave-certified device. S2 devices will also be backwards compatible with existing devices, according to the Z-Wave Alliance.

In a press release, the alliance said:

The Z-Wave S2 framework was developed in conjunction with the cybersecurity expert community to give the already secure Z-Wave devices new levels of impenetrability. By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also virtually removes the risk of devices being hacked while they are included in the network. By using a QR or pin-code on the device itself the devices are uniquely authenticated to the network as well. Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH). Finally, Z-Wave also strengthened its cloud communication, enabling the tunneling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, removing vulnerability.

The Z-Wave Alliance is an open consortium of companies that make products based on the Z-Wave smart home wireless standard. Principal members include ADT, FAKRO, FIBARO, Ingersoll Rand Nexia Intelligence, Jasco Products, Leedarson, LG Uplus, Nortek Security & Control, SmartThings. and Sigma Designs.

More than 70 million Z-Wave-compliant products have been sold since 2001, according to the Z-Wave Alliance. A catalog of Z-Wave products broken out by category is here.

For more information on the Z-Wave Alliance, visit z-wavealliance.org.

For more information on Z-wave, visit z-wave.sigmadesigns.com. For more information on Z-wave, visit z-wave.sigmadesigns.com.

In related news, the CTA announced that it is offering installers of smart home products a security checklist for installing and configuring internet-connected devices in an effort to help protect consumers and their smart home devices from malware and hackers.

“Good cybersecurity practices are critical at the installer level—one of the first lines of defense against security breaches,” said Melissa Andresko, chair of CTA’s TechHome Division and communications director at Lutron Electronics. “To better safeguard consumers’ privacy and sensitive information, CTA created the first-ever tool designed by installers, for installers, that outlines existing best practices, standards and methods for today's smart home security challenges."

The tool provides a quick reference of industry practices for topics including passwords, networks, modems and routers, VPNs, and the Z-Wave and ZigBee wireless standards. The tool also e-mails consumers an assessment of the security steps performed with recommendations.

According to CTA research, sales of smart home devices are projected to reach 29 million this year, a 63 percent increase from last year—creating a demand for professionals capable of installing devices from different manufacturers so they work together seamlessly.