Exploiting ZigBee at ToorCon 11 Slides

Yesterday I presented my findings on the security implications of the ZigBee protocol at ToorCon 11. I had a great audience and the presentation went smoothly. We looked at the basics of ZigBee technology and why ZigBee is important for embedded developers and interesting to attackers.

I also introduced a new project I've been working on, dubbed KillerBee. KillerBee is a Python-based framework with several tools designed to exploit deficiencies in the design and implementation of ZigBee and IEEE 802.15.4 networks. The hardware I'm using with KillerBee is the AVR RZUSB stick, available from electronics resellers such as DigiKey and Mouser for about $40 USD.

I'm still working on KillerBee, and it's not quite ready for prime time yet. I'm planning on doing a full release at ShmooCon, so if you are interested in doing some hands-on ZigBee hacking at Shmoo, pick up a few RZUSB sticks and come find me at the InGuardians booth. I had a bunch of CDs printed up and distributed at ToorCon with an early preview of KillerBee, sample packet captures, specification documentation and more. If you want a copy, please drop me a note.

In the meantime, you can grab my slides from the presentation. I'd love to hear feedback on ZigBee and what people are doing with this technology, so drop me a note and let's chat.

-Josh

October 25, 2009   Posted in: ZigBee

4 Responses

  1. Jamey Kistner - October 26, 2009

    Great information and an awesome presentation Josh, wish I could have attended Toorcon and seen it first hand, maybe next year. Looking forward to playing with KillerBee a little in the near future, keep us updated!

  2. BJPirt - November 3, 2009

    It’s great to see someone taking ZigBee security seriously. It’s something that I’ve been worrying about for a while and it’s good to see some nice python based tools to use in a threat assessment.

    One question I have is about the additional ECC based security in the Smart Energy Profile – have you come across any vulnerabilities in this yet? Or are all the vulnerabilities in the default ZigBee security?

    I look forward to grabbing the tools when they’re ready for download.

    Cheers,

    BJPirt

  3. Joshua Wright - November 3, 2009

    Stay tuned for some recent research that can be used to exploit the Elliptic Curve Cryptography (ECC) systems used in the Smart Energy Profile (SEP). Certainly, this mechanism makes attacking ZigBee much more difficult than if the standard AES-CCM* encryption mechanism was used, but it has a number of vulnerabilities all on its own too.

    Thanks,

    -Josh

  4. Казимир - June 6, 2010

    Added January 31, 2010 « Play S.T.A.L.K.E.R….
