Your Z-Wave smart home gadgets just got more secure

Announced last year, new, stronger security standards for smart home gadgets that speak Z-Wave are live as of today.

Ry Crist Senior Editor / Reviews - Labs
Originally hailing from Troy, Ohio, Ry Crist is a writer, a text-based adventure connoisseur, a lover of terrible movies and an enthusiastic yet mediocre cook. A CNET editor since 2013, Ry's beats include smart home tech, lighting, appliances, broadband and home networking.
Expertise Smart home technology and wireless connectivity Credentials
  • 10 years product testing experience with the CNET Home team
Ry Crist
2 min read
Tyler Lizenby/CNET

Smart home gadgets typically use some sort of wireless radio to communicate with each other -- and the creators of those gadgets must take steps to ensure that those wireless transmissions are secure. Now, the makers of the popular Z-Wave protocol are implementing stricter security standards designed to keep your connected home safe from attack.

The new standards going into effect today are known as the "Security 2" framework, or S2 for short. They were first announced last year in the wake of a massive botnet attack that briefly brought down much of the internet by flooding key servers with bogus traffic requests. Many of those requests came from unsecured smart home devices with unchanged default passwords -- the hackers used those default passwords to scoop them all up and control them en masse.

Z-Wave devices weren't uniquely vulnerable to that attack -- most of the devices involved seem to be things like internet-connected printers and DVR boxes, along with cheap IP cameras with poor security standards. Still, the Z-Wave Alliance felt like the time was right to reassure consumers by stepping up security.

Which connected camera is best for your smart home?

See all photos

In addition to new cloud communication safeguards, S2's most notable change is a new focus on gadget-specific pairing codes that come packaged with or printed on the devices themselves. You'll need those codes during the initial setup process to pair with the device and control it. It's essentially two-factor authentication for these gadgets -- the idea is that, without those codes, hackers won't be able to take control of your gadgets from afar.

The S2 framework is also designed to be backward compatible wherever possible, which means that it will apply to existing Z-Wave gadgets and not just new stuff. For example, existing smart deadbolts that speak Z-Wave might now ask you to enter a randomized code displayed on the lock during the setup process.

That also means that if you already own any devices that speak Z-Wave, today would probably be an excellent day to check for firmware updates.