ZigBee penetration testing is on the rise, and ZigBee attacks can disrupt your entire network; learn how to secure your IoT network from malicious hackers.
ZigBee is an open wireless technology that lets low-cost, low-power devices communicate effectively over a wireless mesh network.

[Figure: all devices connected]

Typical application areas include:
- Home automation
- Wireless sensor networks
- Industrial control systems
- Embedded sensing
- Medical data collection
- Smoke and intruder warning
- Building automation
- Remote wireless microphone configuration
ZigBee Stack
Physical – Layer 1
ZigBee networks are designed for low-power sensor networks. They operate in the 2.4 GHz ISM band and use the IEEE 802.15.4 standard for the radio layer.
Layer 1 is responsible for modulation and demodulation, link quality indication, and energy detection.
Additional regional frequency bands:
- 878 MHz – Europe
- 915 MHz – America
- 745 MHz – China
Channels
There are 16 channels available, each 2 MHz wide and spaced 5 MHz apart; once a channel is selected it is used until the end of the communication.
MAC – Layer 2
Frame Types:
- Data –
- Beacon –
- ACK –
- MAC –
- CRC –
Network – Layer 3
Physical Device types
Coordinator, Router, End Device
Network Device Types
FFD (full-function device)
RFD (reduced-function device)
Network Addresses
ZigBee Topologies
Star, Mesh, and Cluster tree
ZigBee Penetration Testing
- Physical
- Key
- Replay / Injection
Physical Attacks
Bus Pirate and GoodFET help us find the encryption key by sniffing the on-board transmission protocols or by impersonating a device.
- 1-Wire
- JTAG
- SPI
- Async Serial
Key Based Attacks
ZigBee has two types of keys: hardcoded (pre-shared) keys and keys updated over the air (OTA).
Replay / Injection Attacks
A ZigBee sniffer can be used to collect data, which can then be replayed or modified and injected into the network.
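The standard defence against the replay attacks described above is the 32-bit frame counter carried in the ZigBee auxiliary security header: a receiver remembers the highest counter seen from each source and rejects any frame whose counter is not strictly greater. The following is an added example (not code from the original page) that applies that check to a constructed capture; the frame fields and addresses are assumptions made for the example.

```python
"""Replay detection for ZigBee NWK-layer frames using the 32-bit frame counter.

Added example, not code from the original page. ZigBee network-layer security
puts a 32-bit frame counter in the auxiliary security header; a receiver keeps
the highest counter seen per source and rejects frames whose counter is not
strictly greater. The capture below is constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FRAME_COUNTER_MAX = 0xFFFFFFFF  # counter exhaustion means the key must be rotated


@dataclass(frozen=True)
class NwkFrame:
    src: int            # 16-bit NWK short address of the sender (assumed values)
    frame_counter: int  # 32-bit counter from the auxiliary security header
    payload: bytes


# Constructed capture: frames 0x0102 and 0x0101 from 0x1234 are replayed after
# a newer frame (0x0103) from the same source has already been seen.
CAPTURE: List[NwkFrame] = [
    NwkFrame(0x1234, 0x0101, b"on"),
    NwkFrame(0x1234, 0x0102, b"off"),
    NwkFrame(0x5678, 0x0001, b"report"),
    NwkFrame(0x1234, 0x0103, b"on"),
    NwkFrame(0x1234, 0x0102, b"off"),   # replayed
    NwkFrame(0x1234, 0x0101, b"on"),    # replayed
    NwkFrame(0x5678, 0x0002, b"report"),
]


def check_replays(frames: List[NwkFrame]) -> Tuple[List[NwkFrame], List[NwkFrame]]:
    """Split frames into (accepted, rejected) using per-source strictly increasing counters."""
    last_seen: Dict[int, int] = {}
    accepted: List[NwkFrame] = []
    rejected: List[NwkFrame] = []
    for f in frames:
        if not 0 <= f.frame_counter <= FRAME_COUNTER_MAX:
            rejected.append(f)  # not a valid 32-bit counter
            continue
        if f.frame_counter <= last_seen.get(f.src, -1):
            rejected.append(f)  # counter not higher than the last one from this source
        else:
            last_seen[f.src] = f.frame_counter
            accepted.append(f)
    return accepted, rejected
```

Rejected frames from a source whose counter has already advanced are the signature a detection rule would alert on; a counter that reaches FRAME_COUNTER_MAX means the network key must be replaced, not reset.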
ZigBee Security Frameworks
KillerBee
Hardware
- ApiMote
- ELK
- RZ Raven