The second and most overlooked attack is a physical attack on the Zigbee device itself. Zigbee devices are not very secure: they often store the network key in plain text, without encryption or password protection, and simple AT commands can frequently be used to read it out if the device is physically accessible. Every Zigbee device in the network holds the encryption keys so that packets can be encrypted and decrypted. As a result, an attacker only needs to find the weakest device in the network and compromise it to obtain the key material. Zigbee devices are often spread out and in remote locations. This creates an easy target
ATTACK IMPLEMENTATION
This section describes my attempts to attack a Zigbee network. For these tests I did not have access to a pure Zigbee device, so instead I used the XBee radio. XBees use the same underlying 802.15.4 protocol, but instead of the Zigbee protocol layers they use their own networking and application layer protocols. The XBee and Zigbee protocols are very similar. In addition to the XBee devices, I also used the Texas Instruments CC2531 as an 802.15.4 packet sniffer.
The first attack that I tried to implement was a packet sniffing attack using the CC2531. This chipset is able to receive and decode 802.15.4 packets and pass them on to the computer's network card so that they can be displayed in programs such as Wireshark. However, I ran into issues installing the device drivers for the sniffer. The sniffer only has drivers for Windows, but I have an Apple computer. If the sniffer worked, I would be able to receive the raw 802.15.4 packets and pipe the data into the Zigbee decoder that was developed with the KillerBee framework. This software is able to extract the network key from the packet data [8]. Once the network key is pulled from the packet data it can be used to gain access to the Zigbee
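The sniffing discussion above raises the question a network owner should answer first: are the frames on my own 802.15.4 network actually carrying encrypted Zigbee payloads, or are some devices transmitting in the clear? The following is an added example, not code from the essay or from the KillerBee project. It decodes the 802.15.4 MAC header of captured frames (frame versions 0 and 1, frame check sequence already stripped), then inspects the Zigbee NWK frame control field and reports data frames whose NWK security bit is clear. The sample frames are constructed here with made-up addresses; `audit` and `unprotected` are names chosen for this example.

```python
# Added example: audit captured 802.15.4 frames from your own network and list the
# data frames whose Zigbee NWK payload is not protected by the NWK security bit.
# Sample frames below are constructed for illustration (made-up PAN ID and addresses).
from dataclasses import dataclass
from typing import Optional

MAC_FRAME_DATA = 1                          # 802.15.4 frame type: 0 beacon, 1 data, 2 ack, 3 command
ADDR_NONE, ADDR_SHORT, ADDR_EXT = 0, 2, 3   # addressing modes in the frame control field
ADDR_LEN = {ADDR_NONE: 0, ADDR_SHORT: 2, ADDR_EXT: 8}


@dataclass
class FrameReport:
    index: int
    frame_type: int
    mac_secured: bool             # MAC-layer "Security Enabled" bit (bit 3 of the MAC FCF)
    nwk_secured: Optional[bool]   # NWK "Security" bit (bit 9 of the NWK FCF); None if not inspectable
    src: str
    dst: str


def parse_mac_header(frame: bytes):
    """Decode the 802.15.4 MAC header; returns (fields, offset of the MAC payload)."""
    if len(frame) < 3:
        raise ValueError("frame too short for an 802.15.4 header")
    fcf = int.from_bytes(frame[0:2], "little")   # frame control field is little-endian
    fields = {
        "frame_type": fcf & 0x7,
        "security": bool(fcf & 0x0008),
        "panid_compression": bool(fcf & 0x0040),
        "dst_mode": (fcf >> 10) & 0x3,
        "src_mode": (fcf >> 14) & 0x3,
        "seq": frame[2],
        "src": "", "dst": "",
    }
    off = 3

    def take(n):
        nonlocal off
        if off + n > len(frame):
            raise ValueError("truncated addressing fields")
        chunk = frame[off:off + n]
        off += n
        return chunk

    if fields["dst_mode"] != ADDR_NONE:
        fields["dst_pan"] = int.from_bytes(take(2), "little")
        fields["dst"] = take(ADDR_LEN[fields["dst_mode"]])[::-1].hex()   # addresses are little-endian on air
    if fields["src_mode"] != ADDR_NONE:
        # With PAN ID compression and a destination present, the source PAN ID is omitted.
        if not (fields["panid_compression"] and fields["dst_mode"] != ADDR_NONE):
            fields["src_pan"] = int.from_bytes(take(2), "little")
        fields["src"] = take(ADDR_LEN[fields["src_mode"]])[::-1].hex()
    return fields, off


def nwk_secured(payload: bytes) -> Optional[bool]:
    """Zigbee NWK frame control is 2 bytes little-endian; bit 9 is the Security flag."""
    if len(payload) < 2:
        return None
    return bool(int.from_bytes(payload[0:2], "little") & 0x0200)


def audit(frames):
    """One FrameReport per captured frame."""
    reports = []
    for i, frame in enumerate(frames):
        mac, off = parse_mac_header(frame)
        if mac["frame_type"] != MAC_FRAME_DATA or mac["security"]:
            # Acks/beacons/commands carry no NWK header; a MAC-secured frame hides it inside ciphertext.
            ns = None
        else:
            ns = nwk_secured(frame[off:])
        reports.append(FrameReport(i, mac["frame_type"], mac["security"], ns, mac["src"], mac["dst"]))
    return reports


def unprotected(frames):
    """Indices of data frames whose NWK header is visible and whose NWK security bit is clear."""
    return [r.index for r in audit(frames)
            if r.frame_type == MAC_FRAME_DATA and not r.mac_secured and r.nwk_secured is False]


# Constructed sample capture (hex), MAC FCF first:
#   0x8861 = data frame, short addresses, PAN ID compression (the usual Zigbee MAC header)
#   0x8869 = same with the MAC Security Enabled bit set
#   NWK FCF 0x0248 = NWK data, protocol version 2, security ON; 0x0048 = same with security OFF
SAMPLE_FRAMES = [
    bytes.fromhex("6188" "05" "3412" "0000" "3456" "4802" "0000" "3456" "1e7b" "28" "00000000"),  # NWK secured
    bytes.fromhex("6188" "06" "3412" "0000" "3456" "4800" "0000" "3456" "1e7c" "40" "00000000"),  # NWK in the clear
    bytes.fromhex("0200" "06"),                                                                    # acknowledgement
    bytes.fromhex("49c8" "07" "3412" "0000" "0102030405060708" "00000000"),                        # MAC-secured, ext src
]

if __name__ == "__main__":
    for r in audit(SAMPLE_FRAMES):
        print(r)
    print("unprotected data frames:", unprotected(SAMPLE_FRAMES))
```

Run over a real capture (for example, frames exported from Wireshark with the FCS removed), a non-empty result from `unprotected` identifies the devices whose traffic a sniffer would read without any key at all; those are the first to check for misconfigured or disabled security.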