Improving Security for SmartThings V2 Hub?

This may be a ridiculous question (I’m not a programmer or networking guru).

Are there better ways of adding security to protect a SmartThings Hub from being hacked outside of the hub itself?

In other words, can’t we upgrade other equipment to better protect the V2 hub instead of having to start all over with a V3 hub just to get the security upgrade?

That completely depends on what particular attack vectors you are referring to.


Yeah…I’m not even going to begin to act like I know what I’m talking about there!

I just want “security” like everyone else. :laughing:

Some of it has to do with the way the keys are issued at the initial join, not anything to do with the messages that are transmitted after they are encrypted.

But the point that a couple of the SmartThings staff have made is that some of the updates that you might want to make would require basically resetting your hub completely to factory specs and then loading in all new firmware. You would have to rebuild your entire network from scratch, including re-joining each individual device. And you still wouldn’t get all of the features that the new V3 has.

So there are things that you can do to improve security on any home automation system (for one, don’t have it share a network with anything else in your home), so just check the forum for the various security threads for those discussions.

As I mentioned in the other thread, there are plans to bring Zigbee 3.0 to the Hub v2. The security improvements in Zigbee 3.0 are very specific though and functionally you are well off with any SmartThings Hub technology.


I have mostly Z-Wave Plus devices. Are there any improvements that the V3 has over the V2 in regards to Z-Wave?

I don’t believe so.

Eventually (but not at launch) V3 will be certified for the S2 security framework for Z-Wave. I’m guessing V2 will not be added to that road map, but I don’t know for sure.

https://z-wavealliance.org/mandatory-security-implementation-z-wave-certified-iot-devices-takes-effect-today/


Good point, JD! From a technical perspective, I don’t think there are blockers to adding S2 to a Hub v2 but I don’t know of any specifics.


Hi Brad

I’m ‘fighting’ adding a Fibaro Roller Shutter 3 to a v2 SmartThings hub and noticed that ZWAVE_S0_DOWNGRADE was showing in the IDE for the device.

It’s been a real bugger to get paired and I wondered if this might be due to the need to fall back from S2 that the FGR-223 supports to S0 that it will also support but only as a backward compatibility.

Could you possibly confirm that v2 hub only supports S0 today and whether there is any news on potential to add S2 either to the v2 hub or the v3 hub?

I can see this starting to become a real problem, hence the need to check and figure out what to do.

Many thanks!

As I understand it, ZWAVE_S0_DOWNGRADE means the device tried to join with S2 but failed and fell back to S0. As S2 has not been implemented yet, devices that support S2 and join securely will pair with that security level.

So if you’re seeing that, the device supports S2 and securely joined with S0. Does the device function when paired?

Hi Brad,

Yes, it does appear to be pretty much fully functional … although I am still testing and refining the DTH.

Getting it to pair took multiple tries of exclude and then include, and then it finally matched as a ‘Secure Dimmer’ before I switched the DTH.

J.

The way it works is that the hub will establish the highest level of security connection based on the device and hub’s capabilities. So in this case, your hub does not support S2 yet, so the highest it can establish is S0. In the near future, S2 functionality will be enabled and all the devices that do support S2 will be joined as S2 devices.

The Network Security Level determination is sort of wonky, and in time will get refined to factor in security capabilities of both the hub and the device and determine the correct verbose status.

In the case of ZWAVE_S0_DOWNGRADE, it means that we settled for S0 while one of the parties supports S2 or higher.

The device will function even if joined as S0, while in some rare cases the devices may restrict certain info and functionality based on the security level, but I am not aware of any device that does that.
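
The negotiation described in the post above, as an added example that is not part of the original thread or SmartThings code: a simplified Python model in which a join settles on the highest security class both sides support, and a device inventory is audited for joins that land below what the device could do. Only `ZWAVE_S0_DOWNGRADE` comes from the thread; the other status labels, the device names and their capability sets are constructed.

```python
from enum import IntEnum


class Level(IntEnum):
    """Z-Wave security classes, weakest to strongest (simplified model)."""
    NONE = 0
    S0 = 1
    S2_UNAUTHENTICATED = 2
    S2_AUTHENTICATED = 3
    S2_ACCESS_CONTROL = 4


def negotiate(hub, device):
    """Return (level, status): the highest class that both sides support."""
    level = max((set(hub) & set(device)) | {Level.NONE})
    best_offered = max(set(hub) | set(device) | {Level.NONE})
    if level == Level.S0 and best_offered > Level.S0:
        status = "ZWAVE_S0_DOWNGRADE"   # status string quoted in the thread
    elif level == Level.NONE:
        status = "NOT_SECURE"           # constructed label
    else:
        status = "OK_" + level.name     # constructed label
    return level, status


def audit(hub, inventory):
    """Names of devices that joined below their own best security class."""
    return sorted(
        name for name, caps in inventory.items()
        if negotiate(hub, caps)[0] < max(set(caps) | {Level.NONE})
    )


# Constructed hub profiles and device inventory (assumptions for illustration).
HUB_S0_ONLY = {Level.S0}
HUB_WITH_S2 = set(Level) - {Level.NONE}
INVENTORY = {
    "roller_shutter": {Level.S0, Level.S2_UNAUTHENTICATED, Level.S2_AUTHENTICATED},
    "door_lock": {Level.S0, Level.S2_ACCESS_CONTROL},
    "old_dimmer": {Level.S0},
    "plug": set(),                      # joins without encryption
}

if __name__ == "__main__":
    for name, caps in INVENTORY.items():
        print(name, negotiate(HUB_S0_ONLY, caps)[1])
    print("below device capability:", audit(HUB_S0_ONLY, INVENTORY))
```
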

Great, thanks!