Smart home devices such as smart door locks or smart thermostats may use Z-Wave, Zigbee or Wi-Fi wireless communications.
Ross Werner, chief architect for San Jose, Calif.-based security and smart home equipment manufacturer Qolsys Inc., explains the cyber security protections provided by each of these protocols. “Z-Wave devices fall into two categories: secure (access devices such as door locks) and non-secure (light switches, thermostats, etc.). Secure Z-Wave devices use 128-bit AES encryption; this is what financial institutions and governments use to protect sensitive data. It is built-in, always-enabled, not even possible to be disabled,” Werner explains.
Encryption helps prevent an unauthorized user from using a “sniffer” device to listen to communications in order to learn passwords or other sensitive information.
“Z-Wave also benefits from an explicit pairing process where the network controller has to sync with a new device and exchange security keys,” Werner continues. “The latest version of the Z-Wave [software development kit] is fully encrypted.”
Zigbee is a bit more complicated because each one of multiple vendors has implemented its own version of the networking stack. Overall, though, “if you look at Zigbee 3.0, with proper implementation, its security is comparable to Z-Wave; it also uses 128-bit AES and has a pairing process between devices to the network controller,” Werner says.
Ensuring Wi-Fi security “requires first enabling a robust security protocol and then strong passwords to keep the communication secure,” according to Werner.
Dave Mayne, vice president of product management for Hudson, Wis.-based manufacturer Alula, notes that most Wi-Fi smart home equipment has encryption as a default setting. A bigger concern, he says, is whether an unauthorized Z-Wave device might be able to connect to a Z-Wave network.
Devices used with Alula and some other smart home systems have a feature that requires the passing of secure software keys — which Mayne says could be thought of as device passwords — back and forth between the system and any device that wants to join the network.
According to Mayne, “not all manufacturers do that well.” Accordingly, he advises dealers to ask the manufacturer of any smart home equipment what that manufacturer does to make sure that only trusted devices can join the network.
As for encryption of wireless protocols, Mayne comments “You’re always playing a game — hackers try to break [encryption], you enhance it and the hackers try to break it again.”
Recognizing that, dealers will want to keep up with new developments in encryption technology and when appropriate, consider replacing or, if possible, upgrading existing devices so that they have the most current technology.