Looks like 8 companies received ZigBee 3.0 certification, including Samsung.
Interesting. Note that what has been certified is a specific zigbee board that would normally be sold as a part to other device manufacturers. No idea whether they intend to use it in a future SmartThings hub or not, although obviously that’s possible. It’s called the Samsung SamZ 1.0 , but I haven’t heard anything else about it.
Also, just to get this out-of-the-way:
ZigBee 3.0 certified products based on the new platforms will be backward-compatible with existing ZigBee certified products that, collectively, represent the world’s largest installed base of IoT products.
Link to SamZ certification noted by @JDRoberts above.
I’m of the opinion that ZigBee Alliance doesn’t have very high standards for certifying devices. It feels like the bean counters are getting things pushed through so they can collect the fees. After all, this is their business model.
Many certified devices I have seen are broken in some way. This is really unfortunate because it undermines the excellent standard they’ve created. If they aren’t careful they’ll cause people to turn away from ZigBee because of this.
That hasn’t been my experience, and I’ve been working with zigbee for a long time. Zigbee is a solid inexpensive low-energy draw protocol. There’s a reason you probably already have two or three zigbee networks in your house and don’t even realize it – –one in a cable set top box, one in a smart meter, maybe some others.
If you get a high-end Home automation system like control 4, it’s almost certainly using Zigbee.
Medical monitoring systems in thousand bed hospitals commonly use zigbee…
For that matter, the Phillips hue bridge and most smart bulbs use zigbee.
That said, because of the scalability and low-energy draw zigbee is very popular in China, and you can buy a ton of really inexpensive very poorly made devices if you go on AliBaba and just search for the cheapest thing in any one device category. But that doesn’t mean the protocol is bad.
The most recent generation of the Samsung branded sensors, the ones not made by centralite, do seem to have some design flaws. But again, it’s not zigbee that’s the problem if the battery pin breaks off.
If you stick with quality companies like Phillips, Centralite, Compacta/SmartenIT, Schneider, NYCE, etc, you should be fine.
If a manufacturer wants a device to
be compatible to other certified devices from other
manufacturers, the device has to implement the
standard interfaces and practices of this profile.
To provide this kind of interoperability all ZigBee
Home Automation devices should implement so
called Startup Attribute Sets (SAS) and thhe use of the default TC link key “ZigBeeAlliance09” introduces a high risk to the secrecy of the network key
Also Samsungs new tv remotes will be zigbee, galaxy s8, and next generation tabs will contain zigbee
The problem is with interoperability between different manufacturer’s devices. Nearly all the ZigBee devices @JDRoberts mentioned are closed systems.
There are very specific requirements in the ZigBee HA spec that some devices just plain don’t implement. Like the Cree bulbs without attribute reporting.
I don’t think the TC link key is a big deal. It’s only vulnerable when pairing, and I can’t think of a better solution for devices without any user interface.
I do have to say that all the Centralite products I’ve tested follow the spec exactly; I respect their engineering.
The security of ZigBee is highly reliant on the secrecy of the key material and therefore on the secure initialization and transport of the encryption keys, this fallback system has to be considered as a critical risk.
Its not difficult to sniff a device join using default TC link key, which compromises the active network key and the confidentiality of the communications of the whole network might as well be considered compromised.
If its just a light switch or bulb then not much of big deal but throw in cameras, locks, hvac, garage doors, etc and thats a different story.
Well, you didn’t address how to solve the problem on a device with no UI. If someone wants into my house they’ll probably just wait until I’m gone and break a window.
I wonder if Z-Wave has this problem now that they are opening up the standard. I don’t think they’re opening it up that much, though.
I still use zigbee, will continue to. The mesh is more stable.
Its going to take a lot of patience, a pretty quick Kali setup or custom KillerBee running SecBee and good timing. Like you said if someone wants in theyre going to use a window. Cyber espionage, large corporate targets (both my wheelhouse) are where these vulnerabilities have highest potential of being exploited.
Ouch! Samsung/ST was not in your list of “quality companies”
At the present time, Samsung does not manufacture any zigbee home automation devices other than maybe the hub itself, which isn’t what we’re talking about here. And the brand-new SamZ board which is a part that will go into other devices and Will have to be evaluated then.
The original SmartThings branded zigbee devices were all made by other companies, including Centralite.
That’s not uncommon – – centralite makes zigbee home automation devices which are sold under many different brands. You’ll notice I didn’t list Iris or peq either, but that’s because they are also rebranding OEM zigbee devices (mostly from centralite).