zigbee

ZigBee & Z-Wave Security Brief

We have performed in-depth evaluations of many products built on ZigBee and Z-Wave for clients, and we often help clients understand vulnerabilities in IoT products built on standard protocols such as these. We believe that it will benefit the overall community to share a brief summary of our comparisons between these two popular protocols, based on the recent ZigBee 3.0 and Z-Wave S2 specifications, which both aimed in part to update the protocols to an increased level of security.


KillerBee Support for Sewino Open-Sniffer Platform

As part of our continued commitment to supporting open-source tools, we have added support to KillerBee for the Sewino Open-Sniffer 802.15.4 capture interface. This is the first supported device capable of 900 MHz sniffing. The KillerBee code to use it is available, although we are not actively maintaining and testing this integration. We welcome improvements to the integration or collaborations to expand the supported interfaces further. You can also read about the integration on their site.


ApiMote v4beta Released: An IEEE 802.15.4 Sniffing/Injection Interface

We have announced the ApiMote v4beta design and released it as open-source hardware at the TROOPERS14 security conference. This hardware was designed specifically with security researchers and assessors in mind, and is supported by the KillerBee software toolkit and GoodFET. We believe it offers unique capabilities unfulfilled by other interfaces currently available. If you want to use this board, you can build it based on the open-source design files or obtain a pre-built, tested, and programmed one from us.


IEEE 802.15.4/ZigBee Wireless IDS Beta Released

We have released BeeKeeper Wireless Intrusion Detection System (WIDS), an open-source IEEE 802.15.4 Wireless IDS, at the TROOPERS14 security conference. This beta version demonstrates a strong framework for multiple sensors and a centralized analytic engine. A few simple detection scripts are included to demonstrate detecting common attacks. You can read about it on our projects page or review our presentation. The source code is available, and we encourage anyone interested to submit updates to it.


Troopers 14: Making (and Breaking) an IEEE 802.15.4 WIDS

Presented the ApiMote v4beta hardware for sniffing and injection on IEEE 802.15.4 networks and released it as open source. Demonstrated the beta BeeKeeper WIDS framework for wireless intrusion detection on 802.15.4. Showed a technique for injecting packets which are seen at the PHY layer by some radio chips but not by other chips, even when both chips are IEEE 802.15.4 compliant. You can download a copy of the presentation here.


DefCon 20

Presented our project to create the ApiMote hardware at the Wireless Village. The ApiMote platform is designed specifically to fulfill the needs of security assessors, based on experience from both lab research and field assessments. It is inexpensive, easy to program, supports expansion and battery power, uses an internal or external antenna, and has low-level support for cutting-edge RF research (low-level registers exposed, in support of PIP, POOP, etc.).


ToorCon Seattle '11: Tools for Practical Exploration of the 802.15.4 Attack Surface

Presented a toolkit for interacting with IEEE 802.15.4/ZigBee. Our tools build on top of the KillerBee framework developed by Josh Wright, and add support for additional hardware, code stability, and additional functionality such as reflexive jamming. In addition to a brief introduction to the issues of 802.15.4 security, we showed attendees how to get involved in attacking the surface themselves – the hardware and software they need – and showed how this not only enables them to perform their own assessments, but can also provide attackers a way to interfere with the operation of networks.


ShmooCon '11: ZigBee Security: Find, Fix, Finish

Techniques for sniffing ZigBee packets have been presented, as have theoretical vulnerabilities in other types of wireless sensor networks, but this talk uses injection and intelligent packet generation to move towards real proof-of-concept attacks on 802.15.4/ZigBee networks.

We analyze which proposed wireless sensor network attacks actually work on ZigBee, and provide proof of concept implementations of theoretical attacks.
