Overview
Explore the security vulnerabilities and exploits in ZigBee, a widely used communication standard for Internet of Things devices, particularly in smart home applications. Delve into the limitations of ZigBee's security services, including key establishment, key transport, frame protection, and device management. Discover why ZigBee networks, despite implementing security measures, remain susceptible to compromise and external control. Learn about the interoperability requirements and legacy security concepts that contribute to these vulnerabilities. Examine practical exploitations of product vulnerabilities and gain insights into a recently developed ZigBee security-testing framework tool. This 42-minute Black Hat conference talk by Tobias Zillner and Sebastian Strobl provides a comprehensive overview of ZigBee security measures, their weaknesses, and the potential risks associated with this last-tier communication standard in IoT devices.
Syllabus
ZigBee Exploited: The Good, The Bad, And The Ugly
Taught by
Black Hat