Zigbee Hacking And The Kinetic World presented at SOURCE Boston 2010

by Josh Wright

Tags: Security Wireless Testing

Summary: ZigBee has been established as a low-power wireless protocol, boasting features that make it attractive for smart grid technology. Combined with the Smart Energy Profile, ZigBee is quickly becoming a staple technology in the home area network, bridging the interface between a smart meter, smart thermostat, load control and demand response devices.
To date, however, there has been little independent and open evaluation of the security of ZigBee implementations. To ensure the security of ZigBee implementations, developers, vendors and ZigBee must evaluate them to identify security faults and threats to the integrity and confidentiality of the system. In this presentation, the author will demonstrate a framework and utilities designed for the evaluation of ZigBee technology. Through the use of readily available hardware, packet sniffers and data manipulation tools, the author will present the results of testing various ZigBee implementations, discussing the strengths and weaknesses of ZigBee networks and the opportunities and techniques by which an attacker can exploit ZigBee implementations. Attendees of this presentation will gain an understanding of the strengths and weaknesses affecting the security of ZigBee technology. Following the presentation, attendees will have an introduction to a new, open-source suite of ZigBee testing tools which can be used to evaluate ZigBee technology in their own organizations. Using these tools, developers will be able to build and expand on their own testing needs for standards-based or proprietary ZigBee profiles to validate the security of technology before it is deployed.