Z-Wave Alliance Announces New Security Requirements for All Z-Wave Certified IoT Devices

The Alliance Board of Directors has voted to mandate all devices receiving Z-Wave Certification after April 2nd, 2017 to include new advanced Security 2 (S2) framework

FREMONT, CA- November 17, 2016 at 9 AM EST - The Z-Wave Alliance, an open consortium of leading global companies deploying the Z-Wave smart home standard, is extending its its leadership position by adding a security requirement to its long-standing interoperability certification. This is an important addition to its certification program that will require manufacturers to adopt the strongest levels of IoT security in the industry. The Alliance Board of Directors has voted to make the implementation of the new Security 2 (S2) framework mandatory for all products that are Z-Wave certified after April 2nd, 2017. The security measures in S2 provide the most advanced security for smart home devices and controllers, gateways and hubs in the market today.


The Z-Wave Alliance, along with its Board of Directors and members, have been working for the past several years to develop world-class security for its devices as the IoT expands into every modern household in the U.S. and across the globe. A 2016 survey by Intel Security showed that two-thirds of consumers are worried about cybersecurity of connected devices and recent incidents involving popular brands demonstrates the real need for industry leadership.

"This recent decision to make the S2 framework mandatory on all Z-Wave certified devices stems from a growing need for industry leadership in the smart home space to take the security and privacy of devices in the market seriously," commented Mitchell Klein, executive director of the Z-Wave Alliance, "No one can afford to sit on their hands and wait - consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don't act will be left behind."

Z-Wave's S2 framework was developed in conjunction with cybersecurity hacking experts, giving the already secure Z-Wave devices, new levels of impenetrability. By securing communication both locally for home-based devices and in the hub or gateway for cloud functions, S2 also completely removes the risk of devices being hacked while they are included in the network. By using a QR or pin-code on the device itself the devices are uniquely authenticated to the network as well. Common hacks such as man in the middle and brute force are virtually powerless against the S2 framework through the implementation of the industry-wide accepted secure key exchange using Elliptic Curve Diffie-Hellman (ECDH). Finally, Z-Wave also strengthened its cloud communication, enabling the tunnelling of all Z-Wave over IP (Z/IP) traffic through a secure TLS 1.1 tunnel, removing vulnerability.

The changes to Z-Wave's technical certification program, which is administered through 3rd party test facilities in Europe, US and Asia, first established to test and certify Z-Wave devices in 2005 will check that all S2 security solutions, which contain rules for command classes, timers and device types are correctly implemented.

For more information on the Z-Wave Alliance, please visit http://z-wavealliance.org. Follow the Z-Wave Alliance on Facebook, Twitter and on LinkedIn for the latest updates.

For more information on Z-Wave, please visit http://z-wave.sigmadesigns.com/.

Featured Product

ELK Products -C1M1 Dual-Path Alarm Communicators with Remote Services

ELK Products -C1M1 Dual-Path Alarm Communicators with Remote Services

C1M1 offers a truly significant reduction in transmission time in comparison to other communicators that rely on dial capture or data bus decoding. This can result in quicker response time to emergency situations which could save lives and assets. By providing both IP and cellular pathways, C1M1 provides the reliability installers are looking for in an alarm communicator. C1M1 eliminates port forwarding and extra fees for remote access. Installers can remotely upload/download programming changes to M1 controls over IP or cellular using ElkRP2. Consumers can control the M1 remotely via the free ElkLink mobile app and web portal, as well as eKeypad and M1 Touch Pro apps. Other IP-based software and interface partners can connect to the M1 control over the local network through C1M1. C1M1 also provides email/text notifications for arm, disarm, and alarm events. ELK-C1M14GSM supports GSM (AT&T/T-Mobile) networks and ELK-C1M1CDMA supports CDMA (Verizon) networks.