Trade Resources Industry Views Experts Find Serious Security Flaws in ZigBee Connected Devices

Experts Find Serious Security Flaws in ZigBee Connected Devices

Philips Hue LED bulbs and other smart home devices that incorporate ZigBee wireless standards are vulnerable to hacking, according to recent findings by IT firm Cognosec.

At a Black Hat USA conference in Las Vegas recently Cognosec senior IS auditor Tobias Zillner demonstrated and exploited security vulnerabilities in ZigBee’s design and related products, according to a report from The Institution of Engineering and Technology.

“Tests with light bulbs and even door locks have shown that the vendors of the tested devices implement the minimum of the features required to be certified, including the default TC fallback key,” wrote Zillner in the company’s white paper on ZigBee’s vulnerabilities. The issue is particularly worrisome for people who use smart locks or security cameras.

Zillner demonstrated it was possible for a third party to takeover a smart lighting solution. The lights could be stolen and joined to a fake network without knowledge of Zigbee’s active secret keys. Zillner noted the attacker only had to send a “reset to factory default” command to the light bulb and wait for the bulb to search and join the first available ZigBee network. The bulb would create without the need of further interaction from the user. Moreover, the bulb would consistently send beacon requests and search for a new network to join.

According to a Network World report, researchers found Philips Hue bulbs were highly hackable in 2013. Researchers were able to black out the bulbs by installing malware in the Hue bridge. Zillner and Sebastian Strobl from Cognosec were able to demonstrate the vulnerability of Philips Hue bulb at Black Hat USA.

Smart lighting products tested by Zillner did not require physical interaction to reset the devices, he wrote in the presentation at Black Hat.

At fault is ZigBe’s security architecture that is based on using a fixed secret key, known as the ZLL key that is stored in all ZigBee devices. This master key is supposed to be used as a default link to encrypt or decrypt the exchanged network key, but is also greatly at risk of being compromised, said Zillner.

To sum up, Zillner fingered the source of vulnerability to manufacturers interoperability requirements, and the need to drive down costs that is driving manufacturers to design products meeting the minimum ZigBee security requirements, reported TechCrunch.

ZigBee smart devices are designed to be easy to set up and operate, but security of the connected wireless devices is sacrificed in the process.

ZigBee alliance was founded in 2003, and is one of the oldest wireless communication systems in the industry.

Leading electronic manufacturers such as Sony, Philips, Samsung, Motorola, and Texas Instruments are all members of the alliance.

In response to Zillner’s findings, Engadget posted a statement from ZigBee stating its members take security very seriously and are developing standards and protocols o achieve a balance between ease of use and security interaction in devices.

The hack described by Cognosec is an old one that is applicable to any system that relies on open key exchange to join the network.

“Security has to fit the application, and schemes are dictated by the resources at hand. It is very hard to enter a 16-digit passphrase into a light bulb when there is no keyboard or monitor. If a scheme is too expensive, too difficult to install, or too time-consuming – consumers won't apply it.”

Contribute Copyright Policy
Topics: Lighting