ZigBee Penetration Testing
Posted in: ZigBee Hacking

ZigBee Penetration Testing Fundamentals: Part 1

ZigBee penetration testing is on the rise, and ZigBee attacks can be disruptive to your entire network. This series explains how to secure your IoT network against malicious attackers.

Zigbee is an open wireless technology that lets low-cost, low-power devices communicate effectively over a wireless mesh network.

Figure: Hacking ZigBee

Figure: All devices connected

Figure: Zigbee Devices

Typical application areas include:

  • Home automation
  • Wireless sensor networks
  • Industrial control systems
  • Embedded sensing
  • Medical data collection
  • Smoke and intruder warning
  • Building automation
  • Remote wireless microphone configuration

ZigBee Stack

Physical – Layer 1

ZigBee networks are designed for low-power sensor networks. They operate in the 2.4 GHz ISM band, and the radio (physical) layer follows the IEEE 802.15.4 standard.

Layer 1 is responsible for modulation and demodulation, link quality indication, and energy detection.

Additional regional frequency bands:

  • 878 MHz – Europe
  • 915 MHz – America
  • 745 MHz – China

Channels

There are 16 channels available, each 2 MHz wide, with 5 MHz spacing between channel centres. Once a channel is selected it is used until the end of the communication.

MAC – Layer 2

Frame Types:

  • Data
  • Beacon
  • ACK
  • MAC
  • CRC
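As an added example (not code from the original post), here is a Python parser for the IEEE 802.15.4 MAC header: it decodes the frame type, flags and addressing fields from the frame control field and verifies the CRC that the standard appends as the frame check sequence (FCS). The sample frames are constructed for this example; the field layout and the FCS algorithm (reflected CRC-16, polynomial 0x1021, initial value 0, sent LSB first) are those of the 802.15.4 standard, which a KillerBee-style sniffer hands you as raw bytes.

```python
"""IEEE 802.15.4 MAC header parser with FCS check (added example, not from the post).

Assumptions not stated in the article: frames are raw 802.15.4 bytes as a
sniffer returns them, FCS included; the FCS is the standard 802.15.4 CRC-16
(polynomial 0x1021, bit-reflected, initial value 0, transmitted LSB first);
the sample frames below are constructed for this example.
"""
import struct

FRAME_TYPES = {0: "Beacon", 1: "Data", 2: "Ack", 3: "MAC command"}


def fcs16(data: bytes) -> int:
    """802.15.4 frame check sequence: reflected CRC-16, poly 0x1021 (0x8408 reflected)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def parse_mac_frame(frame: bytes) -> dict:
    """Decode the frame control field and addressing fields; verify the FCS."""
    if len(frame) < 5:  # FCF (2) + sequence number (1) + FCS (2) is the minimum
        raise ValueError("frame too short for an 802.15.4 MAC frame")
    body, wire_fcs = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    fcf = struct.unpack("<H", body[:2])[0]
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    info = {
        "frame_type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "security_enabled": bool(fcf & 0x08),  # MAC-layer security bit
        "frame_pending": bool(fcf & 0x10),
        "ack_request": bool(fcf & 0x20),
        "panid_compression": bool(fcf & 0x40),
        "frame_version": (fcf >> 12) & 0x3,
        "seq": body[2],
        "fcs_ok": fcs16(body) == wire_fcs,
    }
    off = 3
    try:
        if dst_mode in (2, 3):  # 2 = 16-bit short address, 3 = 64-bit extended
            info["dst_pan"] = struct.unpack_from("<H", body, off)[0]
            off += 2
            fmt = "<H" if dst_mode == 2 else "<Q"
            info["dst_addr"] = struct.unpack_from(fmt, body, off)[0]
            off += struct.calcsize(fmt)
        if src_mode in (2, 3):
            if info["panid_compression"] and "dst_pan" in info:
                info["src_pan"] = info["dst_pan"]  # PAN ID is carried only once
            else:
                info["src_pan"] = struct.unpack_from("<H", body, off)[0]
                off += 2
            fmt = "<H" if src_mode == 2 else "<Q"
            info["src_addr"] = struct.unpack_from(fmt, body, off)[0]
            off += struct.calcsize(fmt)
    except struct.error as exc:
        raise ValueError("addressing fields truncated") from exc
    info["payload"] = body[off:]  # whatever follows the MAC header (NWK layer)
    return info


def _with_fcs(body: bytes) -> bytes:
    """Append a correct FCS so the constructed samples parse as clean frames."""
    return body + struct.pack("<H", fcs16(body))


# Constructed sample 1: data frame, short addresses, PAN ID compression and
# ack requested (FCF 0x8861, on the wire as 61 88), PAN 0x1234, 0x1f5e -> 0x0000.
SAMPLE_SHORT = _with_fcs(bytes.fromhex("6188") + bytes([0x2A])
                         + struct.pack("<HHH", 0x1234, 0x0000, 0x1F5E)
                         + bytes.fromhex("0801"))

# Constructed sample 2: data frame with 64-bit extended addresses on both sides
# and no PAN ID compression (FCF 0xCC21).
SAMPLE_EXT = _with_fcs(struct.pack("<H", 0xCC21) + bytes([0x01])
                       + struct.pack("<HQ", 0x1234, 0x00124B0001020304)
                       + struct.pack("<HQ", 0x1234, 0x00124B00AABBCCDD)
                       + bytes.fromhex("0801"))

if __name__ == "__main__":
    for name, frame in (("short", SAMPLE_SHORT), ("extended", SAMPLE_EXT)):
        print(name, parse_mac_frame(frame))
```

A frame whose FCS does not verify should be discarded before any further decoding; a sniffer operating at the edge of range produces plenty of those, and treating them as real traffic skews any analysis built on the capture.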

Network – Layer 3

Physical device types:

  • Coordinator
  • Router
  • End Device

Network device types:

  • FFD (Full Function Device)
  • RFD (Reduced Function Device)

Network Addresses

ZigBee Topologies

Star, Mesh, and Cluster tree

ZigBee Penetration Testing

  • Physical attacks
  • Key-based attacks
  • Replay / injection attacks

Physical Attacks

Hardware tools such as the Bus Pirate and GoodFET help us find the encryption key by sniffing the on-board transmission protocols or by impersonating a device. Interfaces commonly used:

  • 1-Wire
  • JTAG
  • SPI
  • Async Serial

Key Based Attacks

ZigBee uses two kinds of keys: keys hardcoded into the device (pre-shared keys) and keys updated over the air (OTA).

Replay / Injection Attacks

A ZigBee sniffer can be used to collect data.
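Added example, not code from the original post: the frame-counter check that a ZigBee stack applies to received NWK-secured frames, which is what makes a plain replay of a sniffed frame fail and is also what a monitoring tool can log to spot replay attempts. It assumes an upstream parser has already split the NWK auxiliary security header into source address, key sequence number and 32-bit frame counter (the names and the capture below are this example's own, constructed values).

```python
"""Replay detection on the ZigBee NWK frame counter (added example, not from the post).

Assumption not stated in the article: a parser upstream has already pulled the
NWK auxiliary security header apart into (source address, key sequence
number, 32-bit frame counter); the observations below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    src: int      # NWK short address of the sender
    key_seq: int  # network key sequence number carried in the aux header
    counter: int  # 32-bit outgoing frame counter carried in the aux header


class ReplayDetector:
    """Accept a frame only if its counter is higher than the last one accepted
    from the same sender under the same network key."""

    def __init__(self):
        self._last = {}  # (src, key_seq) -> highest counter accepted so far

    def check(self, obs: Observation) -> str:
        key = (obs.src, obs.key_seq)
        last = self._last.get(key)
        if last is not None and obs.counter <= last:
            return "replay"  # identical or older counter: a re-sent frame
        self._last[key] = obs.counter
        return "accept"      # first frame seen, or a strictly newer counter


def audit(observations):
    """Run the detector over a capture and return one verdict per frame."""
    det = ReplayDetector()
    return [det.check(o) for o in observations]


# Constructed capture: device 0x1f5e sends two frames, then both are replayed;
# another device is unaffected; a network-key rollover (key_seq 0 -> 1)
# legitimately restarts the counter, while old-key frames are still judged
# against the old-key history.
SAMPLE_CAPTURE = [
    Observation(0x1F5E, 0, 100),
    Observation(0x1F5E, 0, 101),
    Observation(0x1F5E, 0, 100),  # replay
    Observation(0x1F5E, 0, 101),  # replay
    Observation(0x0001, 0, 5),
    Observation(0x1F5E, 1, 0),    # new network key, counter restarts
    Observation(0x1F5E, 0, 99),   # replay of an old-key frame
]

if __name__ == "__main__":
    for obs, verdict in zip(SAMPLE_CAPTURE, audit(SAMPLE_CAPTURE)):
        print(f"src=0x{obs.src:04x} key={obs.key_seq} ctr={obs.counter}: {verdict}")
```

The counter lives inside the authenticated part of the frame, so a party that only has sniffed traffic cannot bump it to a fresh value without the network key; that is why the key material (previous section) and the counter check together decide whether replay is possible, and why a burst of "replay" verdicts from one source address is worth alerting on.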

ZigBee Security Frameworks

KillerBee

Zigbee Protocol Analyzer

Hardware

  • ApiMote
  • ELK
  • RZ Raven
