Menu
IoT gear will need better security to win a Z-Wave badge

IoT gear will need better security to win a Z-Wave badge

Z-Wave's S2 security framework will be mandatory for certification starting next year

Tighter security will soon be mandatory for IoT devices that use the popular Z-Wave wireless protocol.

Starting next April, the Z-Wave Alliance will require all products to include its S2 (Security 2) framework before they can be certified as Z-Wave compliant. S2 is designed to prevent hackers from breaking into IoT devices that are on Z-Wave networks.

Home IoT has recently proved to be a dangerous vector for internet-based attacks, such as the one that corralled thousands of IP cameras and other devices into the so-called Mirai botnet that disrupted internet service last month.

Z-Wave is one of the main networking protocols for IoT, especially in consumer devices. Like Zigbee, Thread, and Bluetooth LE, it's used for short-range, low-power communications among devices that may be too small or power-constrained to use Wi-Fi. There are more than 1,500 certified interoperable Z-Wave products on the market worldwide, and more than 40 million units shipped, according to the Z-Wave Alliance.

The industry group introduced S2 last year in a bid to make Z-Wave products safer from takeover by hackers. The framework requires a QR code or PIN on each device for authenticating it to the network, and it uses an Elliptic Curve Diffie-Hellman secure key exchange. S2 also lets Z-Wave over IP networks tunnel traffic through a Transport Layer Security 1.1 tunnel.

The framework secures communication for both end devices, such as light switches and smoke alarms, and hubs and gateways that link Z-Wave networks to the internet.

IoT devices, especially consumer products, have raised Internet security concerns because some ship with big vulnerabilities, such as default passwords that are identical on every unit. Unlike the industrial connected machines of a previous era, IoT devices link up to the internet, so it's easier for attackers to get to them and take over. At that point, they can steal personal data, remotely control the device, get into other systems through the local network, or add the device to a botnet to carry out DDoS attacks.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments