ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have, for example, a smart light bulb at home, the chance is very high that you are actually using ZigBee. Popular lighting applications, such as Philips Hue or Osram Lightify are based on this standard. Usually, IoT devices have very limited processing and energy resources, and therefore not capable of implementing well-known communication standards, such as Wifi. ZigBee is, however, an open, publicly available alternative that enables wireless communication for such devices.
ZigBee also provides security services for key establishment, key transport, frame protection, and device management that are based on established cryptographic algorithms.So, is a ZigBee home automation network with applied security and smart home communication protected? No, absolutely not. Due to interoperability and compatibility requirements, as well as the application of legacy security concepts, it is possible to compromise ZigBee networks and take over control of all connected devices. For example, it is entirely possible for an external party to gain control over every smart light bulb that supports the ZigBee Light Link profile. This is made possible because the initial key transport is done in an unsecured way, and support of this weak key transport is, in fact, even required by the standard itself.Due to these shortfalls and limitations created by the manufacturers themselves, the security risk in this last tier communication standard can be considered as very high.This talk will provide an overview of the actual applied security measures in ZigBee, highlight the included weaknesses, and show practical exploitations of actual product vulnerabilities, as well as our recently developed ZigBee security-testing framework tool.