New 2017 Z-Wave Certification Requirement: "Security 2" "S2"

Interesting news. A new security standard for Z-Wave. Each device will be factory programmed with a unique pin.

OK, CNET totally screwed up that story. :scream:

Zwave’s Security 2 Framework isn’t new: it was introduced at the end of last year.

And the details were included in the public release in September.

What is new this week is that The alliance adopted a new certification requirement and as of April, 2017, all certified zwave devices will have to support the S2 framework.

FREMONT, CA–(Marketwired - November 17, 2016) - The Z-Wave Alliance, an open consortium of leading global companies deploying the Z-Wave smart home standard, is extending its its leadership position by adding a security requirement to its long-standing interoperability certification. This is an important addition to its certification program that will require manufacturers to adopt the strongest levels of IoT security in the industry. The Alliance Board of Directors has voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after April 2nd, 2017.

This will affect any SmartThings-branded Z wave devices, which right now is just the hub and the future “extend” dongle.

It’s interesting that they described this as “HomeKit type security.”

Anyway, not a new standard. Rather a new certification requirement that beginning in April 2017 Z wave devices seeking certification will have to support the existing standard. Up until now it has been optional.


Thanks for the information. @JDRoberts :arrow_left:️ An IoT encyclopedia. Always impressed by your knowledge.

1 Like

Is anyone aware if the SmartThings hub going to updated to the new S2 security standard?

Eventually there will probably be some hub device with S2 certification, but staff have said in the forums that it won’t be anytime soon, nor have they said whether it would apply to existing devices.

Thanks. I read where all previous Z-Wave devices are capable of the upgrade, that it’s up to the individual manufacturers to release the updated firmware for the device (obviously) However, it all starts at the hub, and based on the retail popularity the Samsung SmartThings hub has, it’s concerning to me as an IT Professional to learn that they haven’t already taken this critical step now months later. Note to self for future Smart Home considerations x10.

The fact that the Z wave chip itself can be updated doesn’t mean that the processor that manages the incoming and out going Messages has available processing power to handle it.

That’s come up with Z wave systems from other manufacturers even when The original security class for locks was introduced. Sometimes they have their CPUs running at about max as it is.

That’s interesting, I assumed based on what I read that the Sigma Designs vice president would have factored that in with his statement. Would you know of a site whereas they compare the “requirements” of the new S2 standard versus the previous standard? BTW thanks for the conversation.

As far as Samsung is concerned, the newer SmarthThings Hub witha 1GHz ARM Cortex-A9 processor, 512MB DDR3 RAM, and 4GB of Flash Memory should be plenty of power to support a protocol, no?

They never do. :wink: This has come up multiple times with changes in the Z wave standard. It’s up to each manufacturer exactly how they use the chip so even though the chips are the same, there still has to be a processor to handle the traffic and apply any additional rules engine ( like a SmartThings routine or smartapp). This is why different certified controllers support different commandsets once you get above the “basic” level.

Would you know of a site whereas they compare the “requirements” of the new S2 standard versus the previous standard?

The SDK is publicly available on the Z wave alliance site. The following interview is a good “plain language” discussion of the changes: