Z-Wave Plus with S2 NOT SECURE

They do. It’s just a confusing error message (which is coming from smartthings, the Z wave protocol does not mandate the format of error messages).

Backwards compatibility is part of the zwave protocol.

So the S2 protocol was made mandatory April 2017. So now, nearly 3 years later this is still not functional?

I can’t recall any devices actually coming to market with S2 support until late 2018.

The smartthings 2018 hub specifically was given a waiver on S2 compatibility with the understanding that they would get there eventually.

ADT certified their first S2 z wave hub less than a year ago and brought it to market about 6 months ago.

https://products.z-wavealliance.org/regions/2/categories/25/products

The security systems are bringing it on first, which you would expect. The home automation systems are moving in that direction, but it may still be another year or two before it’s really common.

It used to look like this (this is from a comment by a smartthings customer support staff member)

It sounds like the device didn’t securely include. ZWAVE_S2_FAILED indicates the device supports S2 but did not securely include. Because S2 is not currently supported, you will see ZWAVE_S0_DOWNGRADE for devices that securely include and support S2.

Meaning if a device that supports S2 security attempts to pair securely, the ST hub will tell it that this particular network doesn’t support S2 and it should fall back to the S0 security framework and pair securely using that.

But I don’t know if that message is still what they’re using.

Tagging @Kianoosh_Karami @Brad_ST

1 Like

Also, thanks for your quick responses and insight JDRoberts!

I went with Smartthings to get started. I still have a standalone ADT security system that is prewired into the home and have not decided to take things that far with door sensors and such. My ADT hub has z-wave controller, but they want extra money to access features to control lights and stuff. At the additional monthly ADT price I basically paid for the ST hub in 2 months.

What really drove me to Smartthings was seeing the Konnected device to integrate existing alarm systems into my smart network… and hopefully ditching ADT :stuck_out_tongue_winking_eye:

So, for now light switch security is not a big deal. Trying to understand this issue and get the basics down. Without knowing how this system works I can’t feel confident. I would hate to take this to the next level with the alarm system and find out there is zero security.

I know that more nefarious people will lack the knowledge and tools, but smart devices are prevailing and criminals use tools to steal credit card info all the time. So, I do not just play ignorant that nobody is trolling the streets with the tools to do these things. Much easier to just pay some money black market to get a tool that sniffs around and unlocks doors or disarms security panels. Doesn’t mean they have to know how it works as long as it is easier than breaking down a door.

Thanks JDRoberts! I had seen mention of “ZWAVE_SO_DOWNGRADE”. Thats why I’m so confused now. Since mine shows the “Failed” message I have no assurance is any security is implemented or not. Maybe its a bug. But, all I know is the message it displays can only lead me to assume there is absolutely no secure connection, which I feel is unacceptable. The weirdest part of this, is that I cannot find mention of this specific error message anyone online.

Maybe I’m the first? :man_shrugging:

Hmmmm…

You know that Konnected doesn’t change SmartThings’ cloud dependency, right? Whether you have Konnected or not, notifications will come via the Internet from the smartthings cloud. So that’s two points of vulnerability right there.

Also, smartthings can and does take your hub offline Fairly often, historically at least once a month, just for maintenance update. You can neither refuse nor defer these. We usually get a couple of days notice, but not always. And it’s only supposed to be off-line for a few minutes, but it’s been known to go down for longer than that, in one case more than a day.

Again, all of which is acceptable for a cheap home automation system, but typically not acceptable for even a cheap security system.

That’s not just my opinion. The company says so themselves in the official product usage guidelines (Emphasis added)

  • Data accuracy and consistency from SmartThings sensors, including those provided by SmartThings directly, resold by SmartThings, or supported by SmartThings, is not guaranteed. Therefore, you should not rely on that data for any use that impacts health, safety, security, property or financial interests. For example, because temperature readings may vary significantly from reading to reading on an individual device, between devices, or over time, those readings should not be used to control heating and cooling in environments where food spoilage, health risks, or damage to physical goods could occur. Alternately, presence data from SmartThings devices or mobile/Smartphones can vary in accuracy, and therefore should not be used to control access to secure locations without secondary authentication.

Konnected is a great product, but people mostly use it who have an existing security system and want to also trigger some of their home automation features, like having lights come on. Or who buy a house which has existing wired sensors with no controller and they want to use those sensors for home automation purposes like changing the thermostat if a window is open. It’s not in any way a substitute for a real security system.

If your primary goal is to replace an ADT system, I would look at Ring, simplisafe, abode, or Lifeshield. All of which have battery back up, cellular communications, optional professional monitoring, non-mesh security sensors, and some home automation features. Features do vary from system to system, so you would still have research to do. But I just wouldn’t consider smartthings a candidate for that particular use case.

1 Like

First rule of smartthings: it’s never just you. :wink:

But that’s a smartthings message, you’ll only find discussion of it in this forum. Where there are several threads. I just didn’t previously point you to any of them because it’s an area where there have been a number of platform changes over the last year so a lot of the posts would be out of date and probably confusing. Particularly some of the ones referring to bugs which have since been fixed.

I also am having problems with Aeotec devices:

I have added a Aeotec Nano Shutter (ZW141-C) which displays the following error:

  • networkSecurityLevel: ZWAVE_S0_DOWNGRADE

and a Aeotec Dual Nano Switch (ZW140-C) which displays the following error:

  • networkSecurityLevel: ZWAVE_LEGACY_NON_SECURE

I am also concerned that the Dual Nano switch has completely disabled all security protocols with the error code displayed. The Nano Shutter is definately S2 but I am unsure for the Dual Nano Switch as the box does not say S2 only Z Wave Plus and G5.

I am unsure what firmware version either Aeotec device is running. is there a way to interogate the firmware version from smartthings? Is the fireware upgradable via SmartThings?

On a further note I am also having problems with the Nano shutter device handler, it appears to work fine with the “Aeotec Nano Shutter V2.0” with the SmartThings Classic App however appears garbled and is non-operational With SmartThings Modern.

Prior to loading the “Aeotec Nano Shutter V2.0” Device Handler the Modern SmartThings app appeared to work okay fine with the “Z-Wave Basic Window Shade” Device Handler but I was unable to set up the Nano Shutters parameters.

On Aeotecs website they state " Note: This device handler is not designed for firmware V3.0." however I have not been able to find out the modules firmware version so far.

SmartThings doesn’t yet fully support S2 security, so your S2 device was set up using the previous security standard (S0). This doesn’t mean all security protocols were disabled, it just means that it’s using an older security standard rather than the newest one. This is an issue on the SmartThings side, not the device side.

Looks like your switch doesn’t support S2, which is why you got the message that it’s using a legacy security standard rather than the most current.

You can check the firmware version in the IDE by logging into your account here:
https://account.smartthings.com/login
Then navigate to devices, select the device, and view details.

SmartThings has OTA updates for zigbee devices if you choose to allow them, but I don’t believe they have OTA updates for z-wave devices yet.

Lots of custom device handlers either don’t work at all in the new app, or have very limited functionality in the new app. To access the full functionality of custom device handlers you need to use the classic app. In some cases you can use the classic app and custom device handler to configure the device the way you want it, then switch the device handler to the stock one that works with the new app.

1 Like

Well I have an update this morning. I added a new GE/Jasco switch to my home. It is the same as the other switches and dimmers I already had. When I went to add the switch in smart things it actually required the QR/security DSK from the switch. I scanned the QR code and voila, the switch connected with S2 security enabled. I began to exclude and add my other switches and they are now being added with S2 security as well. Looks like Samsung finally put out the S2 protocol.

2 Likes

Had same issues with Fibaro Roller Shutter 3 FGR-223, “couldn’t connect securely” . The device was undiscovered even if press skip, excuding also not working. Reset device several time, same issue.
Fixed the problem by removing the device , connect a cable to L and N and plugged in the power socket, it worked very easy to add to network. Installed again with the switch and calibrate the roller, no problems.

I have a v2 hub and recently in excluded/re-included the Ring Range Extender which is now showing up as
“ZWAVE_S2_AUTHENTICATED”
image

I also have a Zooz Zen27 (v1) switch downstream from the ring extender, which i’ve reset/excluded & re-added but it is still showing ZWAVE_S2_FAILED>
image

Should the Zooz also connect as S2?

Tagging @TheSmartestHouse

Per https://www.thesmartesthouse.com/products/zooz-z-wave-plus-s2-dimmer-switch-zen27-with-simple-direct-3-way-4-way " - “S2 security for a smarter and safer connection”.

@Speeder when you added the device did you scan a barcode or manually enter the DSK/Pin for the device?

it did not prompt for a PIN for the device. I simply did the “scan nearby” in the new app and it found the device after i tapped up paddle 3 times.

I see. Currently S2 isn’t supported when using Scan Nearby. If you exclude and re-add the device from the device catalog rather than Scan Nearby, you should be prompted to scan a barcode or manually enter information. Doing one of those will allow you to add the device with S2.

thanks. I’ll try it again via the device catalog. Is the 4 digit number in front on the metal plate the PIN?

That is likely the date sticker. The DSK sticker is probably located elsewhere.

While the switches support S2 security, they don’t support SmartStart yet so there won’t be a code to scan anywhere on the product. The platform should be able to include them securely regardless unless S2 was only implemented for SmartStart devices.

Is the DSK listed on the device?

As illustrated by a Figure 1 in SiLabs’ whitepaper, the user needs to “Enter S2 DSK into
Gateway Interface”. In this instance, that means either scanning a QR code with the DSK info or manually entering the DSK information in the SmartThings app.

1 Like

If I am correctly remembering a recent Zooz switch pairing I did on my network… I picked the switch through the brand list while pairing and the switch was included securely, with the result in the IDE showing “ZWAVE_S2_UNAUTHENTICATED”. No DSK was used nor any QR code scanned.

1 Like