Blogs

ZigBee & Z-Wave Security Brief

We have performed in-depth evaluations of many products built on ZigBee and Z-Wave for clients, and we are often helping clients understand vulnerabilities in IoT products built on standard protocols such as these. We believe that it will benefit the overall community to share a brief summary of our comparisons between these two popular protocols based on the recent ZigBee 3.0 and Z-Wave S2 specifications which both aimed in-part to update the protocols to an increased level of security.

Continue reading

KillerBee Support for Sewino Open-Sniffer Platform

As part of our continued commitment to supporting open-source tools, we have added support to KillerBee for the Sewino Open-Sniffer 802.15.4 capture interface. This is the first supported device capable of 900 MHz sniffing. The KillerBee code is available to use it, although we are not actively maintaining and testing this integration. We welcome improvements to the integration or collaborations to expand the supported interfaces further. You can also read about the integration on their site.

Continue reading

ApiMote v4beta Released: A IEEE 802.15.4 Sniffing/Injection Interface

We have announced the ApiMote v4beta design and released it as open-source hardware at the TROOPERS14 security conference. This hardware was designed specifically with security researchers and assessors in mind, and is supported by the KillerBee software toolkit and GoodFET. We believe it offers unique capabilities unfulfilled by other interfaces currently available. If you want to use this board, you can build it based on the open-source design files or obtain a pre-built, tested, and programmed one from us.

Continue reading

IEEE 802.15.4/ZigBee Wireless IDS Beta Released

We have released BeeKeeper Wireless Intrusion Detection System (WIDS), an open-source IEEE 802.15.4 Wireless IDS at the TROOPERS14 security conference. This beta version demonstrates a strong framework for multiple sensors and a centralized analytic engine. A few simple detection scripts are included to demonstrate detecting common attacks. You can read about it on our projects page or review our presentation. The source code is available and we encourage anyone interested to submit updates to it.

Continue reading