Although Zigbee implements a wide assortment of security measures, there are still a variety of vulnerabilities and attack methods that can be used. These attacks and how they can be carried out will be described in this Section.
The first and possibly easiest attack to implement is the denial of service attack. These types of attacks overload the network such that service is denied to the network’s end users. In a typical wired network this is accomplished by having a huge number nodes simultaneously requesting data from a server. The server will not be able to process all of the requests and valid requests will be dropped. In Zigbee networks this attack is made significantly easier because Zigbee operates in the wireless domain. Valid users can be denied service to the network simply by creating noise on the wireless channel. This noise creates errors in…
Although the Zigbee protocol implements the Advanced Encryption Standard (AES) protocol the initial key exchange is not protected against sniffing. The network keys are often exchanged in plain text or are encoded using the default factory key. Consequently, if an attacker were to sniff the initial exchange of packets, that attacker would be able to gain access to the network keys and the entire network. The difficulty with this type of attack is that the key exchange only occurs when a new node registers with the network. After this initial exchange all packets are encoded. The trick for these types of attacks, is forcing the network to enter an initialization state. This can be accomplished by creating RF interference that will result in dropped packets. After a certain number of dropped packets a wireless node will think that it has lost connection to the network and will try to reconnect. Then when this occurs the network key can be sniffed. These types of attacks have been carried out by a large number of security researchers [6, 7, 8, 9,…
