[REQUEST] User selectable Z-wave security levels in order for associations to work

Edwin_D · July 30, 2021, 3:26pm

Z-wave associations are a very important feature for 2 main reasons:

Buttons can send commands directly to light bulbs, so if Homey isn’t working the lights can still be controlled.
Dimming works way better using buttons (e.g. by long press).Gradual dimming using flows is slow, uneven and unresponsive, and/or Homey disables the flow for firing too often.

Also, currently zigbee has no good working alternative that Homey supports and works for all zigbee devices.

As of version 7.0, Homey supports more z-wave security levels. That is great for locks and such, but not so much for associations. Because associations need the same security level for both devices in order to work.

As not all devices support the same security level, and Homey picks the level, associations are basically broken now if both devices have different security levels. That is why it is important that users are able to select a lower security level for devices that do not require premium security, so they can pick the level that both devices support.

Also important to note, that at this time developers are also not able to implement a way to lower security for S2 supporting devices either.

As I really want to be able to support dimming by long press and no longer can do that anymore, and because I experienced Homey outages more than once, I think this is really, really important to get right.

Da_JoJo · July 30, 2021, 3:54pm

Second that !
It’s required to be able to use slats setting in walli and v3 rollershutter as well.

DirkG · August 1, 2021, 12:39pm

Just a post to push the thread back to the top…

Ryvaenge · August 2, 2021, 1:12pm

Bumping for Homey Attention!

As “Includesecure: false” is no longer working, I see there is a new thing called “requireSecure”: true" tried with “false” with no success. So if anyone know if there is any new way in manually changed code to force unsecure inclusion, please tell me

Da_JoJo · August 2, 2021, 5:16pm

Didnt try but maybe putting wrong pincode or discard will backfall to non-secure inclusion ?

Edwin_D · August 2, 2021, 6:18pm

Most devices I got don’t ask for a pin.

Ryvaenge · August 2, 2021, 7:17pm

Yes I have tried that with a new device I got with sucess (00000), the problem is all other devices that don`t ask for it as Edwin says.

Da_JoJo · August 2, 2021, 8:59pm

That will be the S0 and S1 level devices, which is the majority of them. So there is a stale there.
Basicly comes down to compatibility/supported functions and way slower network that causes delay and outages. Which is imho the wrong choice made in security vs usability.

DirkG · August 3, 2021, 11:11am

Not exactly. There are 2 different S2 standards:

S2 (Unauthenticated)
S2 (Authenticated)

Afaik, S2 (Unauthenticated) also doesn’t need a pin.

Edwin_D · August 3, 2021, 12:42pm

It is indeed S2 unauthenticated I am talking about, S0 gets added unsecure nowadays and can programmatically be forced to include secure by an app developer. But S2 unauthenticated cannot be forced to something else.

For S2 there is a flag that can forbid unsecure, which sees to be of little use as s2 is selected anyway by Homey.

Da_JoJo · August 3, 2021, 1:01pm

Yes correct. Pincode and ‘pin’ are not the same thing. Pincode is a extra layer for using pincode on locks etc. Where ‘pin’ is a part of the key on the device used for authentication for the security level, the unauthenticated is still secure include. S0 is insecure inclusion by default, but can use pincode . Sx is insecure and same as S0 nowadays. Anyway we need S0 inclusion as an option.
Problem is S2 is mandatory and CAN be changed to lesser level S0 but it need an option for that which we don’t have and according to new z-wave alliance docs is not allowed.

DidierVU · August 5, 2021, 10:36am

Did you already sent this to support@athom.com?

Da_JoJo · August 5, 2021, 10:42am

I did

Edwin_D · August 5, 2021, 1:50pm

Yes, but as always they will not reply to feature requests.

Thierry_Sabatier · August 7, 2021, 12:35pm

hello, are you sure that by entering a false pin for example: 00000 the inclusion is not secured even with version 7 of Homey? So real, in this case, we can resume the “workaround” of @AK47 to close and open the slats of the Venetian blinds by sending a Hexadecimal code via the Zwave “card”: send raw command for the Fibaro Roller Shutter 3… Can you confirm … ??? thank you

Edwin_D · August 7, 2021, 9:35pm

All devices I have use S2 unauthenticated and do not ask for a PIN, so there’s now way to interact with the pairing process.

Thierry_Sabatier · August 8, 2021, 9:09am

Yes but I ask you if I enter a wrong PIN (eg 00000)on the Fibaro “Roller Shutter3” (which require for a PIN), will the module be included in an unauthenticated way? which would allow we to use the Zwave “card”: “send raw command”

JPe4619 · August 8, 2021, 12:18pm

Try and you know?

Edwin_D · August 8, 2021, 12:24pm

How would I know?

Osorkon · August 8, 2021, 5:55pm

As Inspiration for Athom, how it can work.

Topic		Replies	Views
[APP][Pro] UnZ-Cure (add z-wave devices unsecure) Apps app , z-wave , tools , devices , homey-pro	39	4856	September 25, 2023
Z-wave: one security concern Questions & Help z-wave , security	4	921	December 4, 2021
Homey Pro, Hubitat, and ZWave/ZWave Plus Devices z-wave , homey-pro	12	308	March 9, 2024
Secure Z-wave; Necessity or waste? Questions & Help z-wave , homey-pro	17	1347	March 9, 2023
ZWave Timeout with Homey Pro Questions & Help	15	1387	December 11, 2021

[REQUEST] User selectable Z-wave security levels in order for associations to work

Related Topics