ZigBee Attacks tutorial for Pentesters

IEEE 802.15.4 – 2.4 GHz ISM frequency band

Range: 10 to 100 meters

Typical application areas include:

  • Home automation
  • Wireless sensor networks
  • Industrial control systems
  • Embedded sensing
  • Medical data collection
  • Smoke and intruder warning
  • Building automation
  • Remote wireless microphone configuration

Device Types

Coordinator, Router, End Device

ZigBee Topologies

Star, Mesh and Cluster tree

ZigBee Attacks

  • Physical
  • Key
  • Replay / Injection

ZigBee uses two types of keys: hardcoded (pre-shared) keys, or keys distributed and updated over the air (OTA).

Bus Pirate and GoodFET help us recover the encryption key by sniffing the transmission protocols or by impersonating a device:

  • 1-Wire
  • JTAG
  • SPI
  • Async Serial

ZigBee Security Frameworks

  • ApiMote
  • ELK
  • RZ Raven
