Experts Find Serious Security Flaws in ZigBee Connected Devices

Philips Hue LED bulbs and other smart home devices that incorporate ZigBee wireless standards are vulnerable to hacking, according to recent findings by IT firm Cognosec.

At a Black Hat USA conference in Las Vegas recently Cognosec senior IS auditor Tobias Zillner demonstrated and exploited security vulnerabilities in ZigBee’s design and related products, according to a report from The Institution of Engineering and Technology.

“Tests with light bulbs and even door locks have shown that the vendors of the tested devices implement the minimum of the features required to be certified, including the default TC fallback key,” wrote Zillner in the company’s white paper on ZigBee’s vulnerabilities. The issue is particularly worrisome for people who use smart locks or security cameras.

Researchers from IT firm Cognosec prove ZigBee wireless connected devices are vulnerable to hacking, due to a major flaw in the wireless standard design. (Photo courtesy of ZigBee)

Zillner demonstrated it was possible for a third party to takeover a smart lighting solution. The lights could be stolen and joined to a fake network without knowledge of Zigbee’s active secret keys. Zillner noted the attacker only had to send a “reset to factory default” command to the light bulb and wait for the bulb to search and join the first available ZigBee network. The bulb would create without the need of further interaction from the user. Moreover, the bulb would consistently send beacon requests and search for a new network to join. 

According to a Network World report, researchers found Philips Hue bulbs were highly hackable in 2013. Researchers were able to black out the bulbs by installing malware in the Hue bridge. Zillner and Sebastian Strobl from Cognosec were able to demonstrate the vulnerability of Philips Hue bulb at Black Hat USA.

Smart lighting products tested by Zillner did not require physical interaction to reset the devices, he wrote in the presentation at Black Hat.

Tobias Zillner and Sebastian Strobl from Cognosec key findings of ZigBee vulnerabilities presented at Black Hat USA 2015. Seen here is a slide from their presentation at the conference. (Source: Tobias Zillner and Sebastian Strobl)

At fault is ZigBe’s security architecture that is based on using a fixed secret key, known as the ZLL key that is stored in all ZigBee devices. This master key is supposed to be used as a default link to encrypt or decrypt the exchanged network key, but is also greatly at risk of being compromised, said Zillner.

To sum up, Zillner fingered the source of vulnerability to manufacturers interoperability requirements, and the need to drive down costs that is driving manufacturers to design products meeting the minimum ZigBee security requirements, reported TechCrunch.

ZigBee smart devices are designed to be easy to set up and operate, but security of the connected wireless devices is sacrificed in the process.

ZigBee alliance was founded in 2003, and is one of the oldest wireless communication systems in the industry.

Leading electronic manufacturers such as Sony, Philips, Samsung, Motorola, and Texas Instruments are all members of the alliance.

In response to Zillner’s findings, Engadget posted a statement from ZigBee stating its members take security very seriously and are developing standards and protocols o achieve a balance between ease of use and security interaction in devices.

The hack described by Cognosec is an old one that is applicable to any system that relies on open key exchange to join the network.

“Security has to fit the application, and schemes are dictated by the resources at hand. It is very hard to enter a 16-digit passphrase into a light bulb when there is no keyboard or monitor. If a scheme is too expensive, too difficult to install, or too time-consuming – consumers won't apply it.”
 

Disclaimers of Warranties
1. The website does not warrant the following:
1.1 The services from the website meets your requirement;
1.2 The accuracy, completeness, or timeliness of the service;
1.3 The accuracy, reliability of conclusions drawn from using the service;
1.4 The accuracy, completeness, or timeliness, or security of any information that you download from the website
2. The services provided by the website is intended for your reference only. The website shall be not be responsible for investment decisions, damages, or other losses resulting from use of the website or the information contained therein<
Proprietary Rights
You may not reproduce, modify, create derivative works from, display, perform, publish, distribute, disseminate, broadcast or circulate to any third party, any materials contained on the services without the express prior written consent of the website or its legal owner.
ams OSRAM’s OSIRE® E3731i and Stand-Alone Intelligent Driver (SAID) use OSP license-free protocol to connect color LEDs, sensors and microcontrollers. ams OSRAM, a global leader in intelligent emitting and sensing technologies, will... READ MORE

JBD, a pioneering MicroLED display manufacturer, has set a new standard with its Phoenix series microdisplay, achieving an industry-record white-balanced brightness of 2 million nits. JBD’s Phoenix - Native Monolithic RGB Panel Leveragin... READ MORE