SlideShare uma empresa Scribd logo

[Austria] ZigBee exploited

OWASP EEE
OWASP EEE

ZigBee exploited. The Good, the Bad and the Ugly. Sebastian Strobl

Internet
1 de 48
Baixar para ler offline
ZIGBEE EXPLOITED SEBASTIAN STROBL THE GOOD, THE BAD AND THE UGLY
2 SEBASTIAN STROBL • Principal Auditor @Cognosec in Vienna • Plans and leads various types of IT audits • Still trying to get his HD drone vision to work • Currently uses Z-Wave for Home Automation until we manage to break it too ABOUT ME ZIGBEE EXPLOITED
3 ZIGBEE EXPLOITED AGENDA • Introduction • ZigBee Security Measures - The good • ZigBee Application Profiles - The bad • ZigBee Implementations - The ugly • Demonstration • Summary ZIGBEE EXPLOITED
ZIGBEE EXPLOITED WHAT IT’S ALL ABOUT
ZIGBEE EXPLOITED 5 ZigBee Based on IEEE 802.15.4 Low-cost Low-power Two-way Reliable Wireless
6 ZigBee Application Domains Remote Control Building Automation Home Automation Health Care Smart Energy Retail Services Telecom Services ZIGBEE EXPLOITED
7 • Trend is wireless connections • Samsung CEO BK Yoon - “Every Samsung device will be part of IoT till 2019” 3 • Over 500 smart device per household in 2022 1 1 http://www.gartner.com/newsroom/id/2839717 2 http://www.gartner.com/newsroom/id/2636073 3 http://www.heise.de/newsticker/meldung/CES-Internet-der-Dinge-komfortabel- vernetzt-2512856.html 0.9 billion 26 billion 0 5,000,000,000 10,000,000,000 15,000,000,000 20,000,000,000 25,000,000,000 30,000,000,000 2009 2020 Number of IoT DevicesWHY IS IT IMPORTANT? ZIGBEE EXPLOITED
8 WHY SECURITY? • HOME automation has high privacy requirements • Huge source of personalized data Items of interest will be located, identified, monitored,and remotely controlled through technologiessuch as radio-frequency identification,sensor networks, tiny embedded servers, and energy harvesters- all connected to the next-generation internet1 -Former CIA Director David Petraeus" ZIGBEE EXPLOITED
ZIGBEE EXPLOITED ZIGBEE SECURITY MEASURES - THE GOOD
10 ZIGBEE SECURITY MEASURES Security Measures Symmetric Encryption Message Authentication Integrity Protection Replay Protection AES-CCM* 128bit MIC 0 - 128 bit Frame Counter 4 Byte ZIGBEE EXPLOITED
ZIGBEE EXPLOITED 11 ZIGBEE SECURITY • One security level per network • Security based on encryption keys • Network Key: Used for broadcast communication, Shared among all devices • Link Key: Used for secure unicast communication, Shared only between two devices
ZIGBEE EXPLOITED 12 SECURITY ARCHITECTURE Trust in the security is ultimately reduces to: • Trust in the secure initializationof keying material • Trust in the secure installationof keying material • Trust in the secure processing of keying material • Trust in the secure storage of keying material
13 HOW ARE KEYS EXCHANGED? Preinstalled Devices Key Transport •Out of band recommended Key Establishment •Derived from other keys •Also requires preinstalled keys ZIGBEE EXPLOITED
ZIGBEE EXPLOITED ZIGBEE APPLICATION PROFILES - THE BAD
ZIGBEE EXPLOITED 15 APPLICATION PROFILES Define communication between devices • Agreements for messages • Message formats • Processing actions Enable applications to • Send commands • Request data • Process commands • Process requests Startup Attribute Sets (SAS) provide interoperability and compatibility
ZIGBEE EXPLOITED 16 HOME AUTOMATION PROFILE Default Trust Center Link Key • 0x5A 0x69 0x67 0x42 0x65 0x65 0x41 0x6C 0x6C 0x69 0x61 0x6E0x63 0x65 0x30 0x39 • ZigBeeAlliance09 Use Default Link Key Join • 0x01(True) • This flag enables the use of default link key join as a fallback case at startup time.
ZIGBEE EXPLOITED 17 HOME AUTOMATION PROFILE Return to Factory Defaults • In support of a return to factory default capability, HA devices shall implement a Network Leave service.Prior to execution of the NWK Leave […] the device shall ensure all operating parameters are reset to allow a reset to factory defaults.
ZIGBEE EXPLOITED 18 LIGHT LINK PROFILE • Devices in a ZLL shall use ZigBee network layer security. • “The ZLL security architecture is based on using a fixed secret key, known as the ZLL key, which shall be stored in each ZLL device. All ZLL devices use the ZLL key to encrypt/decrypt the exchanged network key. “ • “It will be distributed only to certified manufacturers and is bound with a safekeeping contract“
ZIGBEE EXPLOITED 19 LIGHT LINK PROFILE
ZIGBEE EXPLOITED 20 LIGHT LINK nwkAllFresh • False • Do not check frame counter Trust center link key • 0x5a 0x69 0x67 0x42 0x65 0x65 0x41 0x6c 0x6c 0x69 0x61 0x6e 0x63 0x65 0x30 0x39 • Default key for communicating with a trust center
ZIGBEE EXPLOITED 21 LIGHT LINK Use insecure join • True • Use insecure join as a fallback option.
ZIGBEE EXPLOITED ZIGBEE IMPLEMENTATIONS - THE UGLY
23 OFFICIAL STATEMENT "To avoid 'bugs' that an attacker can use to his advantage, it is crucial that security be well implemented and tested. […] Security services should be implemented and tested by security experts […]." (ZigBee Alliance 2008, p. 494) ZIGBEE EXPLOITED
ZIGBEE EXPLOITED 24 REQUEST KEY SERVICE "The request-key service provides a secure means for a device to request the active network key, or an end-to-end application master key, from another device" (ZigBee Alliance 2008, p. 425)
ZIGBEE EXPLOITED 25 ZBOSS /** Remote device asked us for key. Application keys are not implemented. Send current network key. Not sure: send unsecured? What is meaning of that command?? Maybe, idea is that we can accept "previous" nwk key? Or encrypt by it? */
ZIGBEE EXPLOITED 26 ZBOSS /* Initiate unsecured key transfer. Not sure it is right, but I really have no ideas about request meaning of key for network key. */
27 TESTED DEVICES • Door Lock • Smart Home System • Lighting Solutions ZIGBEE EXPLOITED
28 RESULTS ALL tested systems only use the default TC Link Key for securing the initial key exchange No link keys are used or supported • Complete compromise after getting network key No ZigBee security configuration possibilities available No key rotation applied • Test period of 11 month ZIGBEE EXPLOITED
29 RESULTS Device reset often difficult • Removal of key material not guaranteed • One device does not support reset at all Light bulbs do not require physical interaction for pairing Workarounds like reduced transmission power are used to prevent pairing problems • Devices have to be in very close proximity for pairing ZIGBEE EXPLOITED
ZIGBEE EXPLOITED DEMONSTRATION
ZIGBEE EXPLOITED SECBEE ZigBee security testing tool Target audience • Security testers • Developers Based on scapy-radio, µracoli and killerbee Raspbee USRP B210
ZIGBEE EXPLOITED SECBEE Provides features for testing of security services as well as weak security configuration and implementation Raspbee USRP B210 • Support of encrypted communication • Command injection • Scan for weak key transport • Reset to factory • Join to network • Test security services
ZIGBEE EXPLOITED 33
ZIGBEE EXPLOITED DEMONSTRATION - KEY EXTRACTION
ZIGBEE EXPLOITED 35 NETWORK KEY SNIFFING Fallback key exchange insecure Most vendors only implement fallback solution Same security level as plaintext exchange
ZIGBEE EXPLOITED 36 VENDOR RESPONSE
ZIGBEE EXPLOITED 37 NETWORK KEY SNIFFING So, the • Timeframe is limited • Proximity is necessary • Key extraction works only during pairing … what would an attacker do?
38 TYPICAL END-USER ZIGBEE EXPLOITED
39 Wait for users to re-pair the device Jam the communication It is not only about technology :D ZIGBEE EXPLOITED
ZIGBEE EXPLOITED DEMONSTRATION - RADIO JAMMING
ZIGBEE EXPLOITED DEMONSTRATION - COMMAND INJECTION
ZIGBEE EXPLOITED DEMONSTRATION - DEVICE HIJACKING
ZIGBEE EXPLOITED 43 DEVICE HIJACKING Devices are paired and working • Identify the target device • Reset to factory default settings • Join the target device to our network
ZIGBEE EXPLOITED 44 DEVICE HIJACKING No physical access is required No knowledge of the secret key is needed Usability overrules security
45 SUMMARY • Security measures provided are good • Requirements due to interoperability weaken the security level drastically • Vendors only implement the absolute minimum to be compliant • Usability overrules security ZIGBEE EXPLOITED
46 OWASP SOUND BYTES • Proper implementation of security measures is crucial - Compliance is not Security • Learn from history and do not rely on “Security by Obscurity” • There is a world beside TCP/IP ZIGBEE EXPLOITED
THANK YOU
TIME FOR QUESTIONS AND ANSWERS

Recomendados

Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013BaronZor
 
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...NETWAYS
 
Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
SeattleFall1
SeattleFall1SeattleFall1
SeattleFall1Victor Angelbeat
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Introduction to Oberon HomeKit SDKs
Introduction to Oberon HomeKit SDKsIntroduction to Oberon HomeKit SDKs
Introduction to Oberon HomeKit SDKsCuno Pfister
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 networkidsecconf
 
Secure collab on prem hikmat
Secure collab on prem hikmatSecure collab on prem hikmat
Secure collab on prem hikmatCisco Canada
 

Recomendados

Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013Home Invasion 2.0 - DEF CON 21 - 2013
Home Invasion 2.0 - DEF CON 21 - 2013BaronZor
 
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...
stackconf 2021 | Introducing Thola – A tool for Monitoring and Provisioning N...NETWAYS
 
Linux routing and firewall for beginners
Linux routing and firewall for beginnersLinux routing and firewall for beginners
Linux routing and firewall for beginnersn|u - The Open Security Community
 
SeattleFall1
SeattleFall1SeattleFall1
SeattleFall1Victor Angelbeat
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Introduction to Oberon HomeKit SDKs
Introduction to Oberon HomeKit SDKsIntroduction to Oberon HomeKit SDKs
Introduction to Oberon HomeKit SDKsCuno Pfister
 
y3dips hacking priv8 network
y3dips hacking priv8 networky3dips hacking priv8 network
y3dips hacking priv8 networkidsecconf
 
Secure collab on prem hikmat
Secure collab on prem hikmatSecure collab on prem hikmat
Secure collab on prem hikmatCisco Canada
 
RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesCal Leeming
 
BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17Python0x0
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019Kondal Kolipaka
 
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentSafe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentDevOps.com
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bellCisco Canada
 
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...Puppet
 
2012 ah emea deploying byod
2012 ah emea deploying byod2012 ah emea deploying byod
2012 ah emea deploying byodAruba, a Hewlett Packard Enterprise company
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerDevSecCon
 
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development PlatformOrbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development PlatformTech in Asia ID
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 SecuritySkeeve Stevens
 
[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...Jeronimo Zucco
 
Tactics to beat the google de indexing
Tactics to beat the google de indexingTactics to beat the google de indexing
Tactics to beat the google de indexingSmart Social Brand
 
[Russia] Building better product security
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product securityOWASP EEE
 
Publico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTEDPublico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTEDPublico24
 
[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple SandboxOWASP EEE
 
[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through GamificationOWASP EEE
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSideOWASP EEE
 
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to preventOWASP EEE
 
[Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!OWASP EEE
 

Mais conteúdo relacionado

Mais procurados

RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesCal Leeming
 
BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17Python0x0
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsMichele Chubirka
 
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019Kondal Kolipaka
 
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentSafe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentDevOps.com
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bellCisco Canada
 
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...Puppet
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerDevSecCon
 
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development PlatformOrbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development PlatformTech in Asia ID
 

Mais procurados (12)

RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slides
 
BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17BOX of Illusion MOSEC'17
BOX of Illusion MOSEC'17
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
 
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
Eclipse Plugin for ESP-IDF - EclipseCon Europe 2019
 
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentSafe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
 
Meraki powered services bell
Meraki powered services bellMeraki powered services bell
Meraki powered services bell
 
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
 
2012 ah emea deploying byod
2012 ah emea deploying byod2012 ah emea deploying byod
2012 ah emea deploying byod
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
Henrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using SwaggerHenrique Dantas - API fuzzing using Swagger
Henrique Dantas - API fuzzing using Swagger
 
Orbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development PlatformOrbleaf: Integrated Smart Card Development Platform
Orbleaf: Integrated Smart Card Development Platform
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
 

Destaque

[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
 
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...Jeronimo Zucco
 
Tactics to beat the google de indexing
Tactics to beat the google de indexingTactics to beat the google de indexing
Tactics to beat the google de indexingSmart Social Brand
 
[Russia] Building better product security
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product securityOWASP EEE
 
Publico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTEDPublico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTEDPublico24
 
[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple SandboxOWASP EEE
 
[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through GamificationOWASP EEE
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSideOWASP EEE
 
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to preventOWASP EEE
 
[Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!OWASP EEE
 
Ulasan Singkat Tentang ISIS
Ulasan Singkat Tentang ISISUlasan Singkat Tentang ISIS
Ulasan Singkat Tentang ISISHappy Islam
 
올핏 사업계획서
올핏 사업계획서올핏 사업계획서
올핏 사업계획서Namjung Kim
 
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve ÇözümlerABDULLAH SEVİMLİ
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber SecurityOWASP EEE
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 

Destaque (15)

[Cluj] Turn SSL ON
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
 
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
Além do HTTPS - Como (tentar) Aumentar a Segurança de seu Website e Aplicação...
 
Tactics to beat the google de indexing
Tactics to beat the google de indexingTactics to beat the google de indexing
Tactics to beat the google de indexing
 
[Russia] Building better product security
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
 
Publico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTEDPublico24 - DIGITAL PUBLISHING REINVENTED
Publico24 - DIGITAL PUBLISHING REINVENTED
 
[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
 
[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
 
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
 
[Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
 
Ulasan Singkat Tentang ISIS
Ulasan Singkat Tentang ISISUlasan Singkat Tentang ISIS
Ulasan Singkat Tentang ISIS
 
올핏 사업계획서
올핏 사업계획서올핏 사업계획서
올핏 사업계획서
 
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler
Kayıp Kaçak Yönetimi II:Kök Sorunlar ve Çözümler
 
[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 

Semelhante a [Austria] ZigBee exploited

The A2530x24xx AIR Module for ZigBee Standard Applications
The A2530x24xx AIR Module for ZigBee Standard ApplicationsThe A2530x24xx AIR Module for ZigBee Standard Applications
The A2530x24xx AIR Module for ZigBee Standard ApplicationsAnaren, Inc.
 
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEEDEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEEFelipe Prado
 
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...mfrancis
 
Wireless stepper motor control using zigbee
Wireless stepper motor control using zigbeeWireless stepper motor control using zigbee
Wireless stepper motor control using zigbeesavan Darji
 
Home Automation Benchmarking Report
Home Automation Benchmarking ReportHome Automation Benchmarking Report
Home Automation Benchmarking ReportSynack
 
IBM i Encryption Made Easy
IBM i Encryption Made EasyIBM i Encryption Made Easy
IBM i Encryption Made EasyPrecisely
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5Babaa Naya
 
Work Force Camp Logistics Eplex Wireless Solution
Work Force Camp Logistics Eplex Wireless SolutionWork Force Camp Logistics Eplex Wireless Solution
Work Force Camp Logistics Eplex Wireless SolutionKaba
 
IBM i Encryption Made Easy
IBM i Encryption Made EasyIBM i Encryption Made Easy
IBM i Encryption Made EasyPrecisely
 

Semelhante a [Austria] ZigBee exploited (20)

Tech sem on zig 1
Tech sem on zig 1Tech sem on zig 1
Tech sem on zig 1
 
Tech sem on zig 1
Tech sem on zig 1Tech sem on zig 1
Tech sem on zig 1
 
Zigbee technology
Zigbee technologyZigbee technology
Zigbee technology
 
The A2530x24xx AIR Module for ZigBee Standard Applications
The A2530x24xx AIR Module for ZigBee Standard ApplicationsThe A2530x24xx AIR Module for ZigBee Standard Applications
The A2530x24xx AIR Module for ZigBee Standard Applications
 
Zig bee
Zig beeZig bee
Zig bee
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEEDEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
DEFCON 23 - Li Jun Yang Ging - I’M A NEWBIE YET I CAN HACK ZIGBEE
 
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
 
Wireless stepper motor control using zigbee
Wireless stepper motor control using zigbeeWireless stepper motor control using zigbee
Wireless stepper motor control using zigbee
 
Zigbee
ZigbeeZigbee
Zigbee
 
Zigbee Security
Zigbee SecurityZigbee Security
Zigbee Security
 
Zig bee
Zig beeZig bee
Zig bee
 
CSE-Zigbee-ppt.pptx
CSE-Zigbee-ppt.pptxCSE-Zigbee-ppt.pptx
CSE-Zigbee-ppt.pptx
 
ZIGBEE.pptx
ZIGBEE.pptxZIGBEE.pptx
ZIGBEE.pptx
 
Home Automation Benchmarking Report
Home Automation Benchmarking ReportHome Automation Benchmarking Report
Home Automation Benchmarking Report
 
Zig bee
Zig beeZig bee
Zig bee
 
IBM i Encryption Made Easy
IBM i Encryption Made EasyIBM i Encryption Made Easy
IBM i Encryption Made Easy
 
04 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch504 ccna sv2 instructor_ppt_ch5
04 ccna sv2 instructor_ppt_ch5
 
Work Force Camp Logistics Eplex Wireless Solution
Work Force Camp Logistics Eplex Wireless SolutionWork Force Camp Logistics Eplex Wireless Solution
Work Force Camp Logistics Eplex Wireless Solution
 
IBM i Encryption Made Easy
IBM i Encryption Made EasyIBM i Encryption Made Easy
IBM i Encryption Made Easy
 

Mais de OWASP EEE

[Austria] Security by Design
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by DesignOWASP EEE
 
[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking TrojanOWASP EEE
 
[Poland] It's only about frontend
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontendOWASP EEE
 
[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec toolsOWASP EEE
 
[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)OWASP EEE
 
[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification systemOWASP EEE
 
[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and VulnerabilitiesOWASP EEE
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injectionsOWASP EEE
 
[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= TOWASP EEE
 
[Russia] Give me a stable input
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable inputOWASP EEE
 
[Lithuania] I am the cavalry
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalryOWASP EEE
 
[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise appsOWASP EEE
 
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modelingOWASP EEE
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information DisclosureOWASP EEE
 
[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...OWASP EEE
 
[Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!OWASP EEE
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based AttacksOWASP EEE
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defenceOWASP EEE
 

Mais de OWASP EEE (19)

[Austria] Security by Design
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
 
[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
 
[Poland] It's only about frontend
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
 
[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
 
[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
 
[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
 
[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
 
[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
 
[Russia] Give me a stable input
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
 
[Lithuania] I am the cavalry
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
 
[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
 
[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
 
[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
 
[Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 

Último

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Último (20)

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

[Austria] ZigBee exploited

  • 1. ZIGBEE EXPLOITED SEBASTIAN STROBL THE GOOD, THE BAD AND THE UGLY
  • 2. 2 SEBASTIAN STROBL • Principal Auditor @Cognosec in Vienna • Plans and leads various types of IT audits • Still trying to get his HD drone vision to work • Currently uses Z-Wave for Home Automation until we manage to break it too ABOUT ME ZIGBEE EXPLOITED
  • 3. 3 ZIGBEE EXPLOITED AGENDA • Introduction • ZigBee Security Measures - The good • ZigBee Application Profiles - The bad • ZigBee Implementations - The ugly • Demonstration • Summary ZIGBEE EXPLOITED
  • 5. ZIGBEE EXPLOITED 5 ZigBee Based on IEEE 802.15.4 Low-cost Low-power Two-way Reliable Wireless
  • 7. 7 • Trend is wireless connections • Samsung CEO BK Yoon - “Every Samsung device will be part of IoT till 2019” 3 • Over 500 smart device per household in 2022 1 1 http://www.gartner.com/newsroom/id/2839717 2 http://www.gartner.com/newsroom/id/2636073 3 http://www.heise.de/newsticker/meldung/CES-Internet-der-Dinge-komfortabel- vernetzt-2512856.html 0.9 billion 26 billion 0 5,000,000,000 10,000,000,000 15,000,000,000 20,000,000,000 25,000,000,000 30,000,000,000 2009 2020 Number of IoT DevicesWHY IS IT IMPORTANT? ZIGBEE EXPLOITED
  • 8. 8 WHY SECURITY? • HOME automation has high privacy requirements • Huge source of personalized data Items of interest will be located, identified, monitored,and remotely controlled through technologiessuch as radio-frequency identification,sensor networks, tiny embedded servers, and energy harvesters- all connected to the next-generation internet1 -Former CIA Director David Petraeus" ZIGBEE EXPLOITED
  • 9. ZIGBEE EXPLOITED ZIGBEE SECURITY MEASURES - THE GOOD
  • 10. 10 ZIGBEE SECURITY MEASURES Security Measures Symmetric Encryption Message Authentication Integrity Protection Replay Protection AES-CCM* 128bit MIC 0 - 128 bit Frame Counter 4 Byte ZIGBEE EXPLOITED
  • 11. ZIGBEE EXPLOITED 11 ZIGBEE SECURITY • One security level per network • Security based on encryption keys • Network Key: Used for broadcast communication, Shared among all devices • Link Key: Used for secure unicast communication, Shared only between two devices
  • 12. ZIGBEE EXPLOITED 12 SECURITY ARCHITECTURE Trust in the security is ultimately reduces to: • Trust in the secure initializationof keying material • Trust in the secure installationof keying material • Trust in the secure processing of keying material • Trust in the secure storage of keying material
  • 13. 13 HOW ARE KEYS EXCHANGED? Preinstalled Devices Key Transport •Out of band recommended Key Establishment •Derived from other keys •Also requires preinstalled keys ZIGBEE EXPLOITED
  • 15. ZIGBEE EXPLOITED 15 APPLICATION PROFILES Define communication between devices • Agreements for messages • Message formats • Processing actions Enable applications to • Send commands • Request data • Process commands • Process requests Startup Attribute Sets (SAS) provide interoperability and compatibility
  • 16. ZIGBEE EXPLOITED 16 HOME AUTOMATION PROFILE Default Trust Center Link Key • 0x5A 0x69 0x67 0x42 0x65 0x65 0x41 0x6C 0x6C 0x69 0x61 0x6E0x63 0x65 0x30 0x39 • ZigBeeAlliance09 Use Default Link Key Join • 0x01(True) • This flag enables the use of default link key join as a fallback case at startup time.
  • 17. ZIGBEE EXPLOITED 17 HOME AUTOMATION PROFILE Return to Factory Defaults • In support of a return to factory default capability, HA devices shall implement a Network Leave service.Prior to execution of the NWK Leave […] the device shall ensure all operating parameters are reset to allow a reset to factory defaults.
  • 18. ZIGBEE EXPLOITED 18 LIGHT LINK PROFILE • Devices in a ZLL shall use ZigBee network layer security. • “The ZLL security architecture is based on using a fixed secret key, known as the ZLL key, which shall be stored in each ZLL device. All ZLL devices use the ZLL key to encrypt/decrypt the exchanged network key. “ • “It will be distributed only to certified manufacturers and is bound with a safekeeping contract“
  • 20. ZIGBEE EXPLOITED 20 LIGHT LINK nwkAllFresh • False • Do not check frame counter Trust center link key • 0x5a 0x69 0x67 0x42 0x65 0x65 0x41 0x6c 0x6c 0x69 0x61 0x6e 0x63 0x65 0x30 0x39 • Default key for communicating with a trust center
  • 21. ZIGBEE EXPLOITED 21 LIGHT LINK Use insecure join • True • Use insecure join as a fallback option.
  • 23. 23 OFFICIAL STATEMENT "To avoid 'bugs' that an attacker can use to his advantage, it is crucial that security be well implemented and tested. […] Security services should be implemented and tested by security experts […]." (ZigBee Alliance 2008, p. 494) ZIGBEE EXPLOITED
  • 24. ZIGBEE EXPLOITED 24 REQUEST KEY SERVICE "The request-key service provides a secure means for a device to request the active network key, or an end-to-end application master key, from another device" (ZigBee Alliance 2008, p. 425)
  • 25. ZIGBEE EXPLOITED 25 ZBOSS /** Remote device asked us for key. Application keys are not implemented. Send current network key. Not sure: send unsecured? What is meaning of that command?? Maybe, idea is that we can accept "previous" nwk key? Or encrypt by it? */
  • 26. ZIGBEE EXPLOITED 26 ZBOSS /* Initiate unsecured key transfer. Not sure it is right, but I really have no ideas about request meaning of key for network key. */
  • 27. 27 TESTED DEVICES • Door Lock • Smart Home System • Lighting Solutions ZIGBEE EXPLOITED
  • 28. 28 RESULTS ALL tested systems only use the default TC Link Key for securing the initial key exchange No link keys are used or supported • Complete compromise after getting network key No ZigBee security configuration possibilities available No key rotation applied • Test period of 11 month ZIGBEE EXPLOITED
  • 29. 29 RESULTS Device reset often difficult • Removal of key material not guaranteed • One device does not support reset at all Light bulbs do not require physical interaction for pairing Workarounds like reduced transmission power are used to prevent pairing problems • Devices have to be in very close proximity for pairing ZIGBEE EXPLOITED
  • 31. ZIGBEE EXPLOITED SECBEE ZigBee security testing tool Target audience • Security testers • Developers Based on scapy-radio, µracoli and killerbee Raspbee USRP B210
  • 32. ZIGBEE EXPLOITED SECBEE Provides features for testing of security services as well as weak security configuration and implementation Raspbee USRP B210 • Support of encrypted communication • Command injection • Scan for weak key transport • Reset to factory • Join to network • Test security services
  • 35. ZIGBEE EXPLOITED 35 NETWORK KEY SNIFFING Fallback key exchange insecure Most vendors only implement fallback solution Same security level as plaintext exchange
  • 37. ZIGBEE EXPLOITED 37 NETWORK KEY SNIFFING So, the • Timeframe is limited • Proximity is necessary • Key extraction works only during pairing … what would an attacker do?
  • 39. 39 Wait for users to re-pair the device Jam the communication It is not only about technology :D ZIGBEE EXPLOITED
  • 43. ZIGBEE EXPLOITED 43 DEVICE HIJACKING Devices are paired and working • Identify the target device • Reset to factory default settings • Join the target device to our network
  • 44. ZIGBEE EXPLOITED 44 DEVICE HIJACKING No physical access is required No knowledge of the secret key is needed Usability overrules security
  • 45. 45 SUMMARY • Security measures provided are good • Requirements due to interoperability weaken the security level drastically • Vendors only implement the absolute minimum to be compliant • Usability overrules security ZIGBEE EXPLOITED
  • 46. 46 OWASP SOUND BYTES • Proper implementation of security measures is crucial - Compliance is not Security • Learn from history and do not rely on “Security by Obscurity” • There is a world beside TCP/IP ZIGBEE EXPLOITED
  • 48. TIME FOR QUESTIONS AND ANSWERS