Cognosec Sheds Light on ZigBee Security Vulnerabilities
FREMONT, CA: Cognosec, a provider of IT security solutions, has presented a paper highlighting flaw in ZigBee implementations that affects multiple device types. The presentation affirms possibility of intruders to breach ZigBee networks and control all connected devices on a network.
Internet of Things (IoT) is an emerging trend transforming enterprises across industry verticals, IoT comprises of digital and wireless technology integration in physical objects and systems. ZigBee is one of the popular technologies used to connect IoT devices. It is used in numerous areas including remote control, input devices, home automation, healthcare, telecom services and smart energy. As industry is witnessing plethora of IoT based products and solutions, securing connected devices in a network is at most priority for a safer user experience.
The paper identifying critical vulnerabilities in ZigBee devices by verifying implementations of ZigBee security including a home automation system, a smart lighting solution and a ZigBee enabled door lock were accessed using the newly developed ZigBee security testing tool, SecBee.
The analysis shows lack of configuration possibilities and performs vulnerable device pairing procedure that allows external parties to get hold of exchanged network key. ZigBee communications can be jammed by sending noise signals as it is designed for low power communication. A typical user would try to resolve the problem by re-pairing procedure which gives a window for the intruder to sniff transmitted network key and gain complete control of the system.
Similar tests revealed flaws in home automation system which failed to reset or change the applied network key leaving no room for an user to mitigate unwanted behavior in the network. The smart lighting solution is vulnerable to a device takeover from any external party. Resetting to factory default will force the smart bulb to search for a ZigBee network and it connects to the first network available without any interaction of a user.
The report recommends avoiding wireless communication systems for security applications as communications can be easily disturbed using simple jamming device. With radio hardware prices heading southwards, the attack scenarios are likely to increase.
The report concludes by offering some preconditions on implementation side, such as utilizing a tamper-resistant node which can erase sensitive information including security keys upon tamper detection, distribution of master keys via out-of-band channels and periodical churning of network keys and link keys.