August 10, 2015

Black Hat: ZigBee protocol said to have loopholes that allow intrusion

Recently, at Black Hat in Las Vegas, the company Cognosec published a paper pointing out flaws in the way the ZigBee protocol is implemented: hackers are likely to be able to harm a ZigBee network and “take over control of all connected devices within the network”.


The specific problem is that the ZigBee protocol standard supports insecure transfer of the initial key, and manufacturers use default link keys. Together these give an attacker an opportunity to get into the network: by sniffing a device, cracking the user configuration file, and using the default link key to join the network.

They wrote:
If manufacturers hope their equipment can be compatible with other authentication devices from other manufacturers, they must deploy standard interfaces and configuration files. However, the use of default link keys brings great risk to the confidentiality of the network key. Because the safety of ZigBee relies heavily on the confidentiality of the key, namely on the safe initialization and transmission of the encryption key, this default key mechanism, which goes against the trend, must be regarded as a serious risk. If an attacker can sniff a device and use the default link key to join the network, the key used in the network is no longer safe, and the confidentiality of the entire network's communication can also be judged to be unsafe.

At root, the vulnerability comes from manufacturers wanting equipment that is convenient and easy to use and that works seamlessly with other networked equipment, while at the same time being under pressure to drive down costs, rather than from a design problem in the ZigBee protocol standard itself.

Manufacturers such as Samsung, Philips, Motorola and Texas Instruments use the ZigBee protocol in some products.


