ShmooCon '11: ZigBee Security: Find, Fix, Finish

February 1, 2011

Techniques for sniffing ZigBee packets have been presented, as have theoretical vulnerabilities in other types of wireless sensor networks, but this talk uses injection and intelligent packet generation to move towards real proof-of-concept attacks on 802.15.4/ZigBee networks.

We analyze which proposed wireless sensor network attacks actually work on ZigBee, and provide proof of concept implementations of theoretical attacks.

Specifically, we present tools that autonomously discover and profile networks in real time, gathering as much information as possible over time about a network and its devices, their relationships, and their traffic flows, among other things; the information gathered during this process is then used to craft and inject arbitrary frames with minimal user interaction, in order to attack the network with precision and pinpoint its weaknesses.