Apologies upfront - these questions may have been asked already … but I was not able to find them.
(very basic) Is it possible to mix up S2 and non-S2 devices in one ZWAVE network, with the S2 devices actually providing S2-level security?
(related to a response I got from AEOTEC support) Who needs to do what for the AEOTEC Z-Stick GEN5 to support S2 in openHAB?
The Z-Stick Gen5 does store the secure key in its memory as a primary Z-Wave controller but does not use it without the use of software; this is left up to the third party software to handle security. Software dictates what security framework is used, while you will not need to update the firmware of Z-Stick. It is the software that you are using with Z-Stick that needs to support S2 framework in order to deal with encryption and decryption of secure devices. In this case, the secure key is stored within the software of your third party Z-Wave software.
If you are looking to pair Z-Wave S2 framework devices to your Z-Wave network using S2 security, you must make sure that your third party software supports S2 security.
It doesn’t matter if Z-Stick specifically supports S0/S2 or is Z-Wave Plus or not, it all boils down to third party software support. You could use a Z-Stick S2 (Model DSA02) which is a series 300 chipset that is pre Z-Wave Plus when S0 framework was not supported, and still pair Z-Wave Door Locks that require S0 framework support as long as the third party software connected to the Z-Stick S2 supported S0 security framework.
Cheers,
Chris Cheng
Field Application Engineer
Aeon Labs
Thanks for this quick response.
I’d like to understand Z-Wave a little better, regarding security: is there any risk of somebody hacking into your home automation system via Z-Wave devices that are not secured? Specific example: if I run my smart plugs without security, is there a risk of someone hijacking my openHAB system?
Yes, of course this is possible. It’s not especially easy, although that said, it’s not hard if you really wanted to do this. I think though that most hackers won’t be too bothered about turning your lights off, and I’ve never (yet!) heard of anyone having their lights hacked.
You should definitely use security on any locks, door openers, etc., though. In fact most locks will not work without security, so there is no option in most cases anyway.
Yes - to include a device securely it must be reset, and / or excluded from the network. The key exchange can only take place within 15 seconds of the device joining the network.
All communications with a door lock are secured - always (actually, not really “all” communications, but anything to do with the lock certainly is). The security protocol involves exchanging keys between the two end devices, so even if a plug is used in the middle for routing, it cannot be used to change the commands that are sent.
Personally, I don’t think it’s a significant concern. I live in the country and I think the chances of someone coming along and hacking my ZWave network just to turn off my lights is pretty low, and the impact is negligible (yes, it would be annoying, and if it happened a couple of times, I’d secure the network, but it’s not a security risk).
So, my answer would be no, but it’s up to you to decide.
Thank you. I guess I’ll ignore it for now then. Though the UniFi report for neighboring access points for the last 24 hours shows 306 hits, so we’re nowhere near the country, which I guess makes it slightly more of a concern.