[Austria] ZigBee exploited
0 likes765 views
Sebastian Strobl presented on exploiting vulnerabilities in Zigbee, a wireless communication standard. He discussed Zigbee's security measures but noted flaws introduced by application profiles that mandate interoperability. He demonstrated attacks against real Zigbee devices, including sniffing network keys during pairing, jamming communication, and hijacking devices to join his own network. In summary, while Zigbee defines appropriate security measures, vulnerabilities arise from weak implementation and prioritization of usability over security by vendors.
![ZIGBEE EXPLOITED
17
HOME AUTOMATION PROFILE
Return to Factory Defaults
• In support of a return to factory default capability, HA devices shall implement a
Network Leave service.Prior to execution of the NWK Leave […] the device shall ensure
all operating parameters are reset to allow a reset to factory defaults.](https://image.slidesharecdn.com/20151012owaspgoodbadugly-151030105254-lva1-app6892/85/Austria-ZigBee-exploited-17-320.jpg)
![23
OFFICIAL STATEMENT
"To avoid 'bugs' that an attacker can use to his advantage, it is
crucial that security be well implemented and tested. […] Security
services should be implemented and tested by security experts
[…]."
(ZigBee Alliance 2008, p. 494)
ZIGBEE EXPLOITED](https://image.slidesharecdn.com/20151012owaspgoodbadugly-151030105254-lva1-app6892/85/Austria-ZigBee-exploited-23-320.jpg)
[Austria] ZigBee exploited
- 1. ZIGBEE EXPLOITED SEBASTIAN STROBL THE GOOD, THE BAD AND THE UGLY
- 2. 2 SEBASTIAN STROBL • Principal Auditor @Cognosec in Vienna • Plans and leads various types of IT audits • Still trying to get his HD drone vision to work • Currently uses Z-Wave for Home Automation until we manage to break it too ABOUT ME ZIGBEE EXPLOITED
- 3. 3 ZIGBEE EXPLOITED AGENDA • Introduction • ZigBee Security Measures - The good • ZigBee Application Profiles - The bad • ZigBee Implementations - The ugly • Demonstration • Summary ZIGBEE EXPLOITED
- 4. ZIGBEE EXPLOITED WHAT IT’S ALL ABOUT
- 5. ZIGBEE EXPLOITED 5 ZigBee Based on IEEE 802.15.4 Low-cost Low-power Two-way Reliable Wireless
- 6. 6 ZigBee Application Domains Remote Control Building Automation Home Automation Health Care Smart Energy Retail Services Telecom Services ZIGBEE EXPLOITED
- 7. 7 • Trend is wireless connections • Samsung CEO BK Yoon - “Every Samsung device will be part of IoT till 2019” 3 • Over 500 smart device per household in 2022 1 1 http://www.gartner.com/newsroom/id/2839717 2 http://www.gartner.com/newsroom/id/2636073 3 http://www.heise.de/newsticker/meldung/CES-Internet-der-Dinge-komfortabel- vernetzt-2512856.html 0.9 billion 26 billion 0 5,000,000,000 10,000,000,000 15,000,000,000 20,000,000,000 25,000,000,000 30,000,000,000 2009 2020 Number of IoT DevicesWHY IS IT IMPORTANT? ZIGBEE EXPLOITED
- 8. 8 WHY SECURITY? • HOME automation has high privacy requirements • Huge source of personalized data Items of interest will be located, identified, monitored,and remotely controlled through technologiessuch as radio-frequency identification,sensor networks, tiny embedded servers, and energy harvesters- all connected to the next-generation internet1 -Former CIA Director David Petraeus" ZIGBEE EXPLOITED
- 9. ZIGBEE EXPLOITED ZIGBEE SECURITY MEASURES - THE GOOD
- 10. 10 ZIGBEE SECURITY MEASURES Security Measures Symmetric Encryption Message Authentication Integrity Protection Replay Protection AES-CCM* 128bit MIC 0 - 128 bit Frame Counter 4 Byte ZIGBEE EXPLOITED
- 11. ZIGBEE EXPLOITED 11 ZIGBEE SECURITY • One security level per network • Security based on encryption keys • Network Key: Used for broadcast communication, Shared among all devices • Link Key: Used for secure unicast communication, Shared only between two devices
- 12. ZIGBEE EXPLOITED 12 SECURITY ARCHITECTURE Trust in the security is ultimately reduces to: • Trust in the secure initializationof keying material • Trust in the secure installationof keying material • Trust in the secure processing of keying material • Trust in the secure storage of keying material
- 13. 13 HOW ARE KEYS EXCHANGED? Preinstalled Devices Key Transport •Out of band recommended Key Establishment •Derived from other keys •Also requires preinstalled keys ZIGBEE EXPLOITED
- 14. ZIGBEE EXPLOITED ZIGBEE APPLICATION PROFILES - THE BAD
- 15. ZIGBEE EXPLOITED 15 APPLICATION PROFILES Define communication between devices • Agreements for messages • Message formats • Processing actions Enable applications to • Send commands • Request data • Process commands • Process requests Startup Attribute Sets (SAS) provide interoperability and compatibility
- 16. ZIGBEE EXPLOITED 16 HOME AUTOMATION PROFILE Default Trust Center Link Key • 0x5A 0x69 0x67 0x42 0x65 0x65 0x41 0x6C 0x6C 0x69 0x61 0x6E0x63 0x65 0x30 0x39 • ZigBeeAlliance09 Use Default Link Key Join • 0x01(True) • This flag enables the use of default link key join as a fallback case at startup time.
- 17. ZIGBEE EXPLOITED 17 HOME AUTOMATION PROFILE Return to Factory Defaults • In support of a return to factory default capability, HA devices shall implement a Network Leave service.Prior to execution of the NWK Leave […] the device shall ensure all operating parameters are reset to allow a reset to factory defaults.
- 18. ZIGBEE EXPLOITED 18 LIGHT LINK PROFILE • Devices in a ZLL shall use ZigBee network layer security. • “The ZLL security architecture is based on using a fixed secret key, known as the ZLL key, which shall be stored in each ZLL device. All ZLL devices use the ZLL key to encrypt/decrypt the exchanged network key. “ • “It will be distributed only to certified manufacturers and is bound with a safekeeping contract“
- 19. ZIGBEE EXPLOITED 19 LIGHT LINK PROFILE
- 20. ZIGBEE EXPLOITED 20 LIGHT LINK nwkAllFresh • False • Do not check frame counter Trust center link key • 0x5a 0x69 0x67 0x42 0x65 0x65 0x41 0x6c 0x6c 0x69 0x61 0x6e 0x63 0x65 0x30 0x39 • Default key for communicating with a trust center
- 21. ZIGBEE EXPLOITED 21 LIGHT LINK Use insecure join • True • Use insecure join as a fallback option.
- 22. ZIGBEE EXPLOITED ZIGBEE IMPLEMENTATIONS - THE UGLY
- 23. 23 OFFICIAL STATEMENT "To avoid 'bugs' that an attacker can use to his advantage, it is crucial that security be well implemented and tested. […] Security services should be implemented and tested by security experts […]." (ZigBee Alliance 2008, p. 494) ZIGBEE EXPLOITED
- 24. ZIGBEE EXPLOITED 24 REQUEST KEY SERVICE "The request-key service provides a secure means for a device to request the active network key, or an end-to-end application master key, from another device" (ZigBee Alliance 2008, p. 425)
- 25. ZIGBEE EXPLOITED 25 ZBOSS /** Remote device asked us for key. Application keys are not implemented. Send current network key. Not sure: send unsecured? What is meaning of that command?? Maybe, idea is that we can accept "previous" nwk key? Or encrypt by it? */
- 26. ZIGBEE EXPLOITED 26 ZBOSS /* Initiate unsecured key transfer. Not sure it is right, but I really have no ideas about request meaning of key for network key. */
- 27. 27 TESTED DEVICES • Door Lock • Smart Home System • Lighting Solutions ZIGBEE EXPLOITED
- 28. 28 RESULTS ALL tested systems only use the default TC Link Key for securing the initial key exchange No link keys are used or supported • Complete compromise after getting network key No ZigBee security configuration possibilities available No key rotation applied • Test period of 11 month ZIGBEE EXPLOITED
- 29. 29 RESULTS Device reset often difficult • Removal of key material not guaranteed • One device does not support reset at all Light bulbs do not require physical interaction for pairing Workarounds like reduced transmission power are used to prevent pairing problems • Devices have to be in very close proximity for pairing ZIGBEE EXPLOITED
- 31. ZIGBEE EXPLOITED SECBEE ZigBee security testing tool Target audience • Security testers • Developers Based on scapy-radio, µracoli and killerbee Raspbee USRP B210
- 32. ZIGBEE EXPLOITED SECBEE Provides features for testing of security services as well as weak security configuration and implementation Raspbee USRP B210 • Support of encrypted communication • Command injection • Scan for weak key transport • Reset to factory • Join to network • Test security services
- 34. ZIGBEE EXPLOITED DEMONSTRATION - KEY EXTRACTION
- 35. ZIGBEE EXPLOITED 35 NETWORK KEY SNIFFING Fallback key exchange insecure Most vendors only implement fallback solution Same security level as plaintext exchange
- 37. ZIGBEE EXPLOITED 37 NETWORK KEY SNIFFING So, the • Timeframe is limited • Proximity is necessary • Key extraction works only during pairing … what would an attacker do?
- 39. 39 Wait for users to re-pair the device Jam the communication It is not only about technology :D ZIGBEE EXPLOITED
- 40. ZIGBEE EXPLOITED DEMONSTRATION - RADIO JAMMING
- 41. ZIGBEE EXPLOITED DEMONSTRATION - COMMAND INJECTION
- 42. ZIGBEE EXPLOITED DEMONSTRATION - DEVICE HIJACKING
- 43. ZIGBEE EXPLOITED 43 DEVICE HIJACKING Devices are paired and working • Identify the target device • Reset to factory default settings • Join the target device to our network
- 44. ZIGBEE EXPLOITED 44 DEVICE HIJACKING No physical access is required No knowledge of the secret key is needed Usability overrules security
- 45. 45 SUMMARY • Security measures provided are good • Requirements due to interoperability weaken the security level drastically • Vendors only implement the absolute minimum to be compliant • Usability overrules security ZIGBEE EXPLOITED
- 46. 46 OWASP SOUND BYTES • Proper implementation of security measures is crucial - Compliance is not Security • Learn from history and do not rely on “Security by Obscurity” • There is a world beside TCP/IP ZIGBEE EXPLOITED
- 47. THANK YOU
- 48. TIME FOR QUESTIONS AND ANSWERS