With the rapid evolution of technology, the concept of the Internet of Things (IoT) has risen again, and the daily necessities, terminal equipment, and household appliances around people have gradually been given the ability to connect to the network. However, as one of the important wireless interconnection standards widely used to connect the above-mentioned devices, ZigBee technology was exposed to serious security vulnerabilities at the recent Black Hat Conference (BlackHat2015), which aroused widespread concern in the industry. There are two ways for Zigbee to allocate addresses. One is to allocate addresses through Assoc at the MAC layer. Zigbee's coordinator or router consumes an address space. The other method is Rejoin. The device actively generates an address and registers it in the Zigbee network. This method is usually for a Zigbee device that has already connected to the network to switch the parent node. The routing address can be obtained from the parent node through Rejoin. The node can refresh the routing table synchronously. Usually Zigbee's Rejoin is encrypted, but it also supports non-encryption. Rejoin is the method of the NWK layer. What if you keep sending a Rejoin command to a coordinator and changing the MAC address of the node? A malicious device can continuously forge its own MAC address and produce a 16-bit short address, and then search for all coordinators and routers in the network. The coordinator and router will allocate routing table space for this malicious device, and the child node table of this coordinator will be full, making it unable to add new devices. Similarly, if the routing is sent, the result will be more dangerous, which will lead to normal nodes. Cannot switch to another route. As a result, the routing table of the entire Zigbee network will be consumed. The only solution is to add a MAC address filter to Zigbee to intercept some unauthenticated MACs. Mainly used in fields such as the Internet of Things and smart hardware. However, while companies are still focusing on the connectivity and compatibility of the above-mentioned devices, they have not noticed that the progress in security of some commonly used communication protocols is lagging. No, at the Black Hat Conference shortly after its conclusion, some security researchers pointed out that there is a serious flaw in the implementation of ZigBee technology. The flaw involves multiple types of devices, and hackers may use this to harm the ZigBee network and "take over the control of all interconnected devices in the network." The researchers said that the practical security analysis obtained through the evaluation of each device shows that although the use of ZigBee technology brings convenience to the fast networking of the device, the lack of effective security configuration options causes the device to have loopholes in the pairing process. Hackers will have the opportunity to sniff out the exchange key of the network from the outside. The security of the ZigBee network depends entirely on the confidentiality of the network key, so the impact of this vulnerability will be very serious. In the analysis of security personnel, they pointed out that the specific problem is that the ZigBee protocol standard requires support for the transmission of insecure initial keys, coupled with the manufacturer’s use of the default link key-giving hackers the opportunity to invade the network and pass Sniff a device to crack the user configuration file and use the default link key to join the network. However, the use of the default link key brings great risks to the confidentiality of the network key. Because the security of ZigBee relies heavily on the confidentiality of the key, that is, the secure initialization and transmission process of the encryption key, this default key use mechanism for driving back and forth must be regarded as a serious risk. Security personnel said that if an attacker can sniff a device and use the default link key to join the network, the key in use of the network is no longer secure, and the communication confidentiality of the entire network can also be judged as insecure. In fact, the design problem of the ZigBee protocol standard itself is not the cause of the above-mentioned vulnerabilities. The root cause of the above-mentioned vulnerabilities is more pointed to. Because manufacturers want to produce convenient and easy-to-use devices that can work seamlessly with other networked devices, while at the same time, they must minimize the cost of equipment, regardless of the need for security. Security considerations. Security personnel's summary of ZigBee vulnerabilities Security personnel pointed out that in tests done on smart bulbs, smart door locks, motion sensors, temperature sensors, etc., the suppliers of these devices have only deployed a minimum number of functions that require certification. Other options to increase security levels have not been deployed, nor are they open to end users. The seriousness of the hidden dangers brought about by this situation will be very high. Customized Laboratory Testing Instruments Wuxi Lerin New Energy Technology Co.,Ltd. , https://www.lerin-tech.com
