This may be a ridiculous question (I’m not a programmer or networking guru).
Are there better ways of adding security to protect a SmartThings Hub from being hacked outside of the hub itself?
In other words, can’t we upgrade other equipment to better protect the V2 hub instead of having to start all over with a V3 hub just to get the security upgrade?
tgauchat
(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy)
That completely depends on what particular attack vectors you are referring to.
Some of it has to do with the way the keys are issued at the initial join, not anything to do with the messages that are transmitted after they are encrypted.
But the point that a couple of the SmartThings staff have made is that some of the updates that you might want to make would require basically resetting your hub completely to factory specs and then loading in all new firmware. You would have to rebuild your entire network from scratch, including re-joining each individual device. And you still wouldn’t get all of the features that the new V3 has.
So there are things that you can do to improve security on any home automation system (for one, don’t have it share a network with anything else in your home), so just check the forum for the various security threads for those discussions.
As I mentioned in the other thread, there are plans to bring Zigbee 3.0 to the Hub v2. The security improvements in Zigbee 3.0 are very specific though and functionally you are well off with any SmartThings Hub technology.
Eventually (but not at launch) V3 will be certified for the S2 security framework for Z-Wave. I’m guessing V2 will not be added to that road map, but I don’t know for sure.
I’m ‘fighting’ adding a Fibaro Roller Shutter 3 to a v2 SmartThings hub and noticed that ZWAVE_S0_DOWNGRADE was showing in the IDE for the device.
It’s been a real bugger to get paired, and I wondered if this might be due to the need to fall back from S2, which the FGR-223 supports, to S0, which it will also support but only for backward compatibility.
Could you possibly confirm that the v2 hub only supports S0 today, and whether there is any news on the potential to add S2 either to the v2 hub or the v3 hub?
I can see this starting to become a real problem, hence the need to check and figure out what to do.
As I understand it, ZWAVE_S0_DOWNGRADE means the device tried to join with S2 but failed and fell back to S0. As S2 has not been implemented yet, devices that support S2 and join securely will pair with that security level.
So if you’re seeing that, the device supports S2 and securely joined with S0. Does the device function when paired?
The way it works is that the hub will establish the highest level of security connection based on the device and hub’s capabilities. So in this case, your hub does not support S2 yet, so the highest it can establish is S0. In near future, S2 functionality will be enabled and all the devices that do support S2 will be joined as S2 devices.
The Network Security Level determination is sort of wonky, and in time will get refined to factor in security capabilities of both the hub and the device and determine the correct verbose status.
In the case of ZWAVE_S0_DOWNGRADE, it means that we settled for S0 while one of the parties supports S2 or higher.
The device will function even if joined as S0, while in some rare cases the devices may restrict certain info and functionality based on the security level, but I am not aware of any device that does that.
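Added example, not part of the thread and not SmartThings code: a small Python model of the rule described in the last reply (the join settles on the highest level both hub and device support, and ZWAVE_S0_DOWNGRADE is reported when S0 was settled for while either party supports S2). The `NONE` level, the function names and the device inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Security classes ordered weakest to strongest. Only S0 and S2 are named in
# the thread; "NONE" (unencrypted inclusion) is an assumption of this sketch.
ORDER = ["NONE", "S0", "S2"]
DOWNGRADE = "ZWAVE_S0_DOWNGRADE"  # status string quoted in the thread


@dataclass
class JoinResult:
    level: str        # security level actually established
    downgraded: bool  # True when the thread's downgrade condition holds


def negotiate(hub_caps, device_caps):
    """Pick the strongest level both sides support, then apply the rule as
    literally stated: S0 was settled for while one party supports S2."""
    common = (set(hub_caps) & set(device_caps)) | {"NONE"}
    level = max(common, key=ORDER.index)
    either_s2 = "S2" in hub_caps or "S2" in device_caps
    return JoinResult(level, level == "S0" and either_s2)


def audit(hub_caps, devices):
    """Names of devices that would show the downgrade status on this hub."""
    return [name for name, caps in devices.items()
            if negotiate(hub_caps, caps).downgraded]


# Constructed inventory: device names and capability sets are illustrative.
DEVICES = {
    "roller-shutter": {"S0", "S2"},  # S2-capable, like the FGR-223 above
    "door-lock": {"S0"},             # S0 only
    "wall-plug": set(),              # joins without encryption
}

if __name__ == "__main__":
    hub_today = {"S0"}  # hub that cannot yet establish S2
    for name, caps in DEVICES.items():
        r = negotiate(hub_today, caps)
        print(f"{name}: {r.level}{' ' + DOWNGRADE if r.downgraded else ''}")
    print("flagged on S0-only hub:", audit(hub_today, DEVICES))
    print("flagged on S2-capable hub:", audit({"S0", "S2"}, DEVICES))
```

Read literally, the rule also flags an S0-only device once the hub supports S2, which is one reason to treat the flag as a prompt to check each device's own capabilities rather than as proof that the device can do better.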