ToorCon 11: KillerBee – Practical Zigbee Exploitation Framework

On Saturday at ToorCon 11 I’m presenting my work in designing a framework and tools to exploit and manipulate ZigBee and IEEE 802.15.4 networks. KillerBee has been about 9 months in development, written in Python, leveraging the AVR RZUSB Stick as the interface to interact with these low-power networks.

ZigBee is an interesting wireless technology, not due to any particularly innovative design mechanisms (and certainly not from a robust security perspective) but because it interfaces with the kinetic world more than any other wireless protocol I’ve run into. It would be unheard of to use WiFi as a mechanism to control gas valves in distribution mains, and you would never see Bluetooth controlling a flood release main, yet ZigBee and IEEE 802.15.4 seem to fit in with these scenarios, often with little in the way of mature security testing.

My hope is that people evaluating ZigBee and IEEE 802.15.4 technology will be able to leverage KillerBee as a platform to test third-party products (and, for vendors, to test their own products) for vulnerabilities. In my presentation on Saturday, I’ll detail several examples of how I’ve been using KillerBee for this purpose, and how you can as well.

After the conference I’ll post my slides here, so stay tuned. If you are coming to ToorCon, please be sure to stop by and say “Hi”.

-Josh