Zigbee Security: Find, Fix, Finish presented at ShmooCon 2011

by Ryan Speers, Ricky Melgares

Tags: Security Wireless Automation

URL : http://www.shmoocon.org/schedule#zigbee

Summary : ZigBee is a low-power, low-data-rate wireless protocol based on IEEE 802.15.4. It connects lightweight embedded technology like HVAC, smart energy, security, and process automation systems, and is an attractive target as it touches the kinetic framework more than other wireless technologies. Techniques for sniffing ZigBee packets have been presented, as have theoretical vulnerabilities in other types of wireless sensor networks, but this talk uses injection and intelligent packet generation to move towards real proof-of-concept attacks on 802.15.4/ZigBee networks. We will look at which proposed wireless sensor network attacks actually work on ZigBee, and provide proof-of-concept implementations of theoretical attacks. Specifically, we will present a tool that autonomously discovers and profiles networks in real time, gathering as much information as possible over time about a network and its devices, their relationships, and traffic flows, among other things. Information gathered during this process will then be used to craft and inject arbitrary frames with minimal user interaction in order to attack the network with precision and pinpoint weaknesses.

Ryan Speers: Ryan Speers and Ricky Melgares are Computer Science majors at Dartmouth College, pursuing a senior honors thesis in Zigbee security under Professor Sergey Bratus. So far, their thesis work has entailed receiving an accidental forwarding of a vendor's internal email thread discussing the cons of us being security researchers wanting to buy their products, getting caught by campus security physically probing a sensor network, ripping apart the 802.15.4 and ZigBee protocols frame by frame, and spoofing these frames for a variety of attacks. They wish to remind you that “your RF is showing” and that wireless injection is king.
