Researchers exploit ZigBee security flaws that compromise security of smart homes – Network World

If you have an Internet of Things device, then it’s highly likely that you are using ZigBee whether you know it or not. There are other possibilities, including that your IoT devices use the Z-Wave protocol, which was beat up a couple of years ago by security researchers who used it to attack automated homes. ZigBee is a wireless standard used for connectivity to control IoT devices. It’s used in “tens of millions of smart meters” and there are 1,088 items listed as ZigBee Certified products. It depends who you listen to, I suppose, as to whether you believe ZigBee is great or if ZigBee is a great threat to the Internet of Things due to critical wireless security flaws that can be exploited to compromise smart lights, door locks, motion sensors, smart switches, temperature sensors, HVAC systems and other “smart” home devices.

Li Jun and Yang Qing of Qihoo360’s Unicorn team presented “I’m A Newbie Yet I Can Hack ZigBee – Take Unauthorized Control Over ZigBee Devices” (pdf) at DEF CON 23. Their goal was to teach users to hack ZigBee as well as to teach users techniques to prevent hackers – or anyone without authorization – from taking control of their ZigBee-enabled appliances; they showed how to find the encryption key in firmware and sniff the network key as it is sent in plaintext.

ZigBee key sent in plaintext

But that wasn’t the only talk to beat up ZigBee as Tobias Zillner, senior IS auditor at IT security firm Cognosec, also warned that hackers could compromise ZigBee networks and then “take over control of all connected devices on a network.” Zillner presented “ZigBee Exploited the Good, the Bad, and the Ugly” at Black Hat USA (slides pdf). Network encryption keys are briefly transmitted in the clear when a new device joins the network. Some devices use the default master key, meaning that is what is transmitted when a new device is added to the network. The key could be captured by an attacker or a thief who could, for example, pull an open sesame on a smart door lock.
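A defender-side check for the join weakness described above, added here as an example and not taken from either talk or from any vendor's tooling: it audits join events from a coordinator log and flags network keys sent unprotected, keys protected only by a default key, joins outside a commissioning window, and repeated joins by the same device. The log layout, the protection labels, the window and the 24-hour rejoin threshold are all assumptions made for the sample.

```python
from datetime import datetime, timedelta

# Constructed sample events. The layout is an assumption, not a real coordinator
# log format: time, device, event, how the network key was protected in transit.
SAMPLE_LOG = """\
2015-08-10T09:00:05 lock-front JOIN install-code
2015-08-10T09:02:11 bulb-hall JOIN default-link-key
2015-08-10T09:03:40 sensor-attic JOIN none
2015-08-11T02:14:00 bulb-hall JOIN default-link-key
2015-08-11T02:19:30 bulb-hall JOIN default-link-key
"""

# Hypothetical approved commissioning windows (start, end) when joins are expected.
WINDOWS = [(datetime(2015, 8, 10, 9, 0), datetime(2015, 8, 10, 9, 15))]
REJOIN_SPAN = timedelta(hours=24)  # assumed threshold for "joined again too soon"

def parse(log):
    """Yield (timestamp, device, key_protection) for each JOIN line."""
    for line in log.splitlines():
        ts, dev, event, protection = line.split()
        if event == "JOIN":
            yield datetime.fromisoformat(ts), dev, protection

def audit(log, windows=WINDOWS):
    """Return a list of (device, reason) findings for risky join events."""
    findings, last_join = [], {}
    for ts, dev, protection in parse(log):
        if protection == "none":
            findings.append((dev, "network key sent in plaintext"))
        elif protection == "default-link-key":
            findings.append((dev, "network key wrapped with default key"))
        if not any(start <= ts <= end for start, end in windows):
            findings.append((dev, "join outside commissioning window"))
        prev = last_join.get(dev)
        if prev and ts - prev <= REJOIN_SPAN:
            findings.append((dev, "repeated join, possible forced reset"))
        last_join[dev] = ts
    return findings

def needs_key_rotation(findings):
    # The network key is shared, so one exposed join affects every device using it.
    return any("network key" in reason for _, reason in findings)

if __name__ == "__main__":
    for dev, reason in audit(SAMPLE_LOG):
        print(f"{dev}: {reason}")
```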

Exploiting ZigBee for device takeover (Tobias Zillner and Sebastian Strobl)

Back in 2013, Philips Hue light bulbs were dubbed “highly hackable” after a researcher injected malware into the Hue bridge and blacked out the lights. The smart bulbs constantly search for new devices to pair with, Cognosec researchers said, which makes them easy to reset to factory defaults. An attacker can capture the unencrypted key transmitted by the Hue bulb when it reboots.
