Additional Security for Z-Wave


#1

I don’t know how this will affect SmartThings but thought you all might be interested.


Zwave security upgraded today
(Jimmy) #2

Interesting. @slagle any plans for SmartThings to implement this?


(Tim Slagle) #3

We have known about this for a little while now and are working on it. No specifics outside of that.


(codersaur) #4

That also means that if you already own any devices that speak Z-Wave, today would probably be an excellent day to check for firmware updates.

I think this highlights that SmartThings urgently need to work with manufacturers to support OTA firmware updates for all Z-wave devices that support it. I’m acutely aware that I have lots of Z-Wave devices with old firmware versions and currently no way to update them!!


#5

We discussed this a little bit when it was first announced in November:


(Jimmy) #6

That was my next question! I don’t own (or know of) any z-wave device that can be updated via USB or some other physical cable. So that leaves the hub as the only way.


#7

Aeon Minimote offers a USB update option. :sunglasses:

Also the GoControl Thermostat GCTBZ48.

There are a few other zwave devices that have a similar option, but not many.


(Jimmy) #8

Updated statement: i do own a device that can be updated via USB, i just didn’t know it! :laughing:


(Tim Slagle) #9

Keep in mind, the “botnet” that this article refers to did not affect a single SmartThings customer.

The big thing here is the backward compatibility.

There are two problems, though.

  1. We don’t currently support Z-Wave firmware updates. (Will come with the S2 updates)
  2. Z-Wave manufacturers (most of them) are slow at producing firmware updates.

Personal Opinion: I don’t think S2 will be ubiquitous on any platform for a little while.


#10

Remember that the Z wave alliance representative also said at CES 2017 that two thirds of zwave devices are professionally installed.

There was also a whole seminar thing on S2 and how it would allow the professional installers, specifically those from cable companies like Xfinity home and security companies like alarm.com and ADT pulse to pair devices to the account at the warehouse before shipping. This is something alarm.com has been asking for for about three years, and S2 positioned specifically as an answer for that.

So I think you are going to see S2 deployed almost immediately for the monthly service contract installations, at least the new accounts. Nortek has already said they’re on board and they probably account for half the Z wave devices sold in the US (two gig, linear, gocontrol, Plus some additional individual pieces for companies like Nutone, Iris, and Nexia).

The Z wave alliance is making a big deal out of calling this “HomeKit like levels of security” and their target audience is the professional installers Who are getting asked the question a lot by their base.

So far there hasn’t been a lot of overlap between that group and SmartThings customers, who commonly put not having to pay a monthly fee as one of the big reasons for looking at SmartThings in the first place. And no word from Aeon Labs one way or the other.

But I think we are going to see very quick S2 adoption by the monthly service charge companies, they’re the ones who have been asking for something like this anyway. And remember that as a group they literally have millions of customers, significantly more than the DIY market.


(Tim Slagle) #11

You’re absolutely right.


(Jimmy) #12

@slagle and idea when we will see S2 implemented?


(Brian Aker) #13

Did anyone offer to provide the author of that statement a copy of “Crossing the Chasm”? Did anyone ask the author if they thought there was an uptake in lightbulb installers? I would not believe that the home automation market is being implemented by professional installers.

That statement shows a basic ignorance of the current market.

S2? It could be worse, they could be dictating you implement Z/IP. It would appear that no one who is working on that understand a thing about how spanning tree works or has put Z/IP to the test in a way that shows that they understand how multicast works.

Z-Wave has some fascinating architecture, but hearing that the Z-Wave alliance is totally ignorant of the market around home automation makes me question the investment in it.


#14

I would have to respectfully disagree. The numbers are out there. Xfinity home has several million customers, as does ADT pulse. Both have professionally installed Z wave devices. The “home automation as a service” piece of the market, particularly when sold as an add on to a security system, is many times bigger than the do it yourself market.

The new security two zwave feature, for example, which became mandatory for Z wave certification as of April 2017, is primarily aimed at professional installers and was driven by market demand.

These are companies which put together the initial package at the warehouse and then ship it out for professional installation. They wanted to be able to pair the package Devices at the warehouse without having to power on all the individual devices, or even open the boxes. The new feature lets one person at the warehouse just scan QR codes and put together the bundle to send to the professional installer in the field.

They didn’t do that because they don’t understand the market. They did it because they do understand their market, and most of their devices are being sold to professional installers through one of the home automation as a service companies. It’s just a numbers game right now.