Black Hat 2015 Security researchers have exposed new flaws in ZigBee, one of the most popular wireless communication standards used by Internet of Things (IoT) devices.
Implementations of ZigBee in home networks requires that an insecure initial key transport has to be supported, making it possible to compromise ZigBee networks and take control of all connected devices on the network, security firm Cognosec warns.
The ZigBee standard was created to enable secure wireless communication for IoT devices and is most commonly used in so-called smart home networks.
Devices on a home automation network may include security systems such as door locks and motion sensors, as well as HVAC (heating, ventilating, and air conditioning) systems and smart lightbulbs/switches – all use ZigBee to communicate and are therefore potentially vulnerable.
Manufacturers using the ZigBee standard include Samsung, Philips, Motorola, Texas Instruments and many others.
Home networking kits are commonly designed for easy set-up and usage. This commonly leads to a vulnerable device pairing procedure that allows external parties to sniff the exchanged network key. Hackers able to snaffle this key gain the ability to break into vulnerable systems.
The key to communicating between devices on a ZigBee network is the usage of application profiles. A ZigBee home automation profile permits a series of device types to exchange control messages to put together a wireless home automation application.
View full story