Zigator: analyzing the security of zigbee-enabled smart homes

As the popularity of Internet-connected devices for residential use increases, it is important to ensure that they meet appropriate security goals, given that they interact with the physical world through sensors and actuators. Zigbee is a wireless communication protocol that is commonly used in smart home environments, which builds on top of the IEEE 802.15.4 standard. In this work we present a security analysis tool, called Zigator, that enables in-depth study of Zigbee networks. In particular, we study the security consequences of the design choice to disable MAC-layer security in centralized Zigbee networks. We show that valuable information can be gained from passive inspection of Zigbee traffic, including the identification of certain encrypted NWK commands, which we then use to develop selective jamming and spoofing attacks. An attacker may launch these attacks in order to force the end user to factory reset targeted devices and eventually expose the network key. We validated our attacks by setting up a testbed, using open-source tools, that incorporates commercial Zigbee devices. Finally, we publicly release the software tools that we developed and the Zigbee packets that we captured, to contribute back to the research community.