[App] Fibaro by Athom

The devices must support the S2 security standard in order to be included “secure”. The security standard S0 is not supported by the current Homey firmware v7.1.3.
All Fibaro devices you mentioned only support the S0 security standard, so they are included as “unsecure”.

Is this by design and the situation going forward, or a bug in the current version?

According to Z-wave Alliance certification, all Fibaro devices I own have these specs:

Supports Z-Wave Network Security? Yes
Supports Z-Wave AES-128 Security S0? Yes
Supports Security S2? No

What kind of security (of any kind) can I expect to have with Homey 7.1.3?
Am I getting AES-128 encryption at all?

Intended yes (since firmware v7.x), if that will change in future I don’t know. Please ask Athom (support@athom.com) for this.

That’s what I told you.

S2 Authenticated (with PIN)
S2 Unauthenticated (without PIN)

S2 is also an AES-128 encryption. Quote Aeotec Webseite: “S2 enhances Z-Wave Plus, Gen5, and Gen7 with an additional layer of AES 128-bit encryption of wireless signals coupled with pro-security grade UL 1023 compliance.”

I am not an in-depth Z-Wave and Internet expert, but from my point of view it is quite unlikely that a burglar would try to hack the Z-Wave network in a normal household in order to break in “more easily” or to deactivate the alarm system. The necessary effort is relatively high. Maybe the possible danger is higher in villas or commercial buildings, but there I would not use a Homey or radio-based devices.
An attack via the Internet is much easier in my view.

Homey includes all devices with S0 as unsecure, this is by design since Homey v7 as they had too many issues (too slow) with devices included as secure on S0 (especially battery devices).
Lots of users already used a workaround to include devices before as unsecure.

The developer of said app can still enable it for example for Z-Wave based locks but it will have to be enabled in the code of the app, it can’t be chosen by users.

Thank you all for your comments. Based on your responses, it seems that the current configuration is most optimal, though not the most secure.

Just an additional info. You can force a S2 device where a PIN is needed to include it as unsecured by using a wrong PIN. e.g. 00000. This could be necessary if you want to use associations.

Btw, there is already a request to Athom (Athom partially reads posts in the forum, but in principle does not respond to them) that it should be made possible for the user to choose during inclusion if a security standard should be used or not.
If you are also interested in this, then you can like the post.

1 Like

Could someone please give me some advice on Associations?

I have a wall plug and two flood sensors which I want to be directly associated with each other - the flood sensor activating the wall plug

Could someone advise exactly how I do this?
My understanding is that if I associate then that should trigger irrespective of the hub, but does this first need setting up in the hub?

Frustratingly it seems the UK plug still only connects as a basic Z-wave device (it does take the 5 digit code on inclusion), so I don’t know if this affects things?

Thanks!

First, both devices must be included with the same security standard, e.g. unsecure - insecure / S0 - S0 (only exists for already included devices before S2 was introduced) / S2 - S2.
Regarding S2 I’m not sure if S2 (Unauthenticated) works with S2 (Authenticated), but I guess it does.

So if the plug and the flood sensor have different security standards, then I don’t really need to explain anything further. Please let me know.

I’m not entirely sure what you mean, but both are zwave plus, both are fibaro and both support association so possible that they should work?

You can find infos about the security standard for example in Homey Developer Tools.
Go to Z-Wave and then you find a list of all your Z-Wave devices. On the right side of the table you can find infos about the Z-Wave security standard of each device:

Bildschirmfoto 2021-10-01 um 12.22.33

Why I’m telling all the things about the security standard? Because you mentioned this:

And the code is used for devices that are included with the S2 (Authenticated) security standard. And if the flood sensor is included unsecure, then it doesn’t work.

But surely that would be stated in the Fibaro manual etc if that were the case? If two devices cannot work together on the same protocol then surely that’s a different protocol and should be advertised as such?
Or is this a Homey issue?
Can I not connect the plug in unsecured mode?

NB, the flood sensor shows as insecure in the app and didn’t ask for a 5 digit code on inclusion

Out of the Fibaro flood sensor manual.

Fibaro Flood Sensor Secure and Fibaro Plug unsecure No Problem, just adjust Parameter 78.

Fibaro Flood Sensor unsecure and Fibaro Plug Secure. No way!

Both devices secure (same security standard) or both unsecure also no Problem.

1 Like

Because I am very forgetful, I had to search briefly in the forum.
If you enter 5 zeros (00000) instead of the five-digit code for the inclusion, then the wall plug should be included unsecure.
And if the flood sensor is also included unsecure, or the flood sensor is included secure and parameter 78 is adjusted, then it’s possible to you use associations like @Osorkon mentioned.

With other SmartHome gateways it’s possible to choose the devices should be to included securely or unsecure, but not (yet) with Homey. That is why @Edwin_D has made a request:

1 Like

Okay, so if I include the plug with 0000 I can then set a direct association,?
How would I do this?

The association must be set in the advanced settings of the flood sensor.
But to be able to give you more information we need to know the firmware of the flood sensor. Didn’t know it before.

Sorry, but your case is really complicated… :joy:

So please have a look which firmware is installed.

The one I have connected says firmware version 3 in Homey
I have two more unconnected at the moment but will assume they’re the same for now!

So it appears I want to associate with 2nd Association Group on the plug (which is now connected to Homey unsecured). Still not sure exactly how i do this tho! I see the association groups in advanced settings, but not sure what to enter

Ok, I guess it’s 3.2 or 3.3 and not 3, because 3.0 was never released.

Open the advanced device settings of the flood sensor → open Group 2 → fill in the Node ID of the plug → Back → Wake up the flood sensor → Confirm with the check mark in the upper right corner

If this is done and it was confirmed with “Settings were saved” then please test it if it works.

Odd. It just says 3, but assume you’re right
I’m assuming Node ID is Device ID?

I entered the DeviceID in the settings you said (46 in my case) and tested it. Nothing :frowning:

The complete firmware no. is listed in 2 lines.
Advanced Device settings

Developer → Devices
image

Node ID = Device ID
Node ID in Developer
Device ID in Advanced Device Settings

  1. Did you checked the security standard of both devices?
  2. After confirming the changes, was the notification „Settings were saved“ shown? Or an other notification?

Please post screenshots of the advanced device settings of bot devices.