With the rapid evolution of technology, the concept of The Internet of Things (IoT) has risen again, and daily necessities, terminal equipment, and household appliances around the world have gradually been given the ability to connect to the Internet. However, as one of the important wireless interconnection standards widely used to connect the above devices, ZigBee technology has been exposed to serious security vulnerabilities at the recent 2015 Black Hat Conference (BlackHat2015), which has aroused widespread concern in the industry.
ZigBee is exposed to serious security vulnerabilities
ZigBee is a low-cost, low-power, close-range wireless networking communication technology. Since the name (ZigBee, Zig "å—¡å—¡", Bee "bee") comes from the bee's splay, the agreement is also known as the Zigbee protocol. On the theoretical level, it is a low-power LAN protocol based on the IEEE802.15.4 standard. It is mainly suitable for the field of automatic control and remote control. It can be embedded in various devices for data transmission and transmission. At present, the ZigBee protocol has been widely used in a large number of emerging IoT devices such as smart light bulbs, smart door locks, motion sensors, and temperature sensors.
ZigBee is one of the most important wireless communication protocols at present.
However, while companies are still focusing on the connectivity and compatibility of the above devices, they have not noticed that some common communication protocols are lagging behind in terms of security progress. No, at the just-concluded 2015 Black Hat Conference, security researchers pointed out that there is a serious flaw in the implementation of ZigBee technology. The defect involves multiple types of devices, and hackers may compromise the ZigBee network and "take over control of all connected devices within the network."
Researchers say that the practice security analysis obtained from each device evaluation shows that using ZigBee technology brings convenience to the fast networking of devices, but due to the lack of effective security configuration options, the device has loopholes in the pairing process. The hacker will have the opportunity to sniff out the exchange key of the network from the outside. The security of the ZigBee network depends entirely on the confidentiality of the network key, so the impact of this vulnerability will be very serious.
The hard injury is actually due to the use of the default link key
In the analysis of security personnel, they pointed out that the specific problem is that the ZigBee protocol standard requires support for the transmission of insecure initial keys, plus the manufacturer's use of the default link key - so that hackers have the opportunity to invade the network, through Sniffing a device to crack a user profile and join the network with the default link key.
However, the use of the default link key poses a significant risk to the confidentiality of the network key. Because the security of ZigBee relies heavily on the confidentiality of the key, that is, the initialization and transmission process of the encryption key security, the default key usage mechanism of the reversing vehicle must be regarded as a serious risk.
Security personnel said that if an attacker can sniff a device and join the network using the default link key, then the network's active key is no longer secure, and the entire network's communication confidentiality can be determined to be unsafe.
In fact, the design problem of the ZigBee protocol standard itself is not the cause of the above vulnerability. The root causes of these vulnerabilities are more directed to the need for manufacturers to produce devices that are easy to use and work seamlessly with other networked devices, while minimizing equipment costs, regardless of the need for security Security considerations.
Security personnel pointed out that in tests on smart light bulbs, smart door locks, motion sensors, temperature sensors, etc., vendors of these devices have deployed only a minimum number of features requiring authentication. Other options to increase security levels have not been deployed and are not open to end users. The seriousness of the security risks brought about by this situation will be very high.
In summary, just as wireless routers expose security vulnerabilities with default administrative passwords, the ZigBee protocol now deployed in a large number of smart devices is also abused by device manufacturers, resulting in the exposure of home or enterprise-level interconnected devices using the protocol. Under the shackles of malicious attackers. It can be seen that while ensuring the excellent interoperability and popularity of smart devices, how to provide consumers with a reliable protection at the security level is what the current smart device manufacturers should do.
Drone Remote Controller, Drone Raido Transmitter,UAV Radio Transmitter,Drone Receiver from 6 Channels to 14 Channels. The transmitter range from 1km to 20Km. Such as VD32 and AK28 Android Radio Transmitter intergrated the video link. PWM,S-Bus Dual Mode adjust able.
Drone Remote Controller
Drone Remote Controller, Drone Raido Transmitter,UAV Radio Transmitter,Drone Receiver
shenzhen GC Electronics Co.,Ltd. , https://www.jmrdrone.com