ZigBee (IEEE 802.15.4) is far more popular than Bluetooth, Wi-Fi or DECT for
this kind of scenario, as it is simpler to implement – the complete stack
requires only 120 KB of space – and because the wireless technology uses
significantly less energy. Wright, however, concludes that "When both simplicity
and low cost are goals, security suffers."
KillerBee includes a number of tools which, taken together, look a lot like the
sort of attack programs familiar from Wi-Fi environments. According to Wright,
the security problems and the errors that underlie them are reminiscent of the
design problems which dogged Wi-Fi. ZigBee offers no protection against replay
attacks, in which an attacker simply resends recorded packets to the network.
Wright's succinct comment: "Wi-Fi was dogged by the same errors – but that was
15 years ago."
KillerBee includes applications for sniffing out any ZigBee devices in the
surrounding area (zbid), for recording data streams from the wireless network
(zbdump) and for replaying recorded data streams (zbreplay). Replaying packets
could, according to Wright, be useful in contexts such as locks networked using
ZigBee. An attacker would merely need to record the data transmitted from the
lock to a control server located in the building at the moment at which a door
is opened. Sending this sequence to the server via ZigBee at a later date should
cause the lock to open again.
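The replay scenario above, seen from the receiving side: an added example (not from the article or from the KillerBee project) that parses the IEEE 802.15.4 MAC header of captured frames, as zbdump would record them, and flags a frame whose sequence number and payload repeat an earlier frame from the same source. The frames it checks are constructed here; addresses, PAN IDs and payloads are sample values.

```python
import struct

# Added example, not article or KillerBee code. Sample frames below are constructed.
ADDR_LEN = {0: 0, 2: 2, 3: 8}  # 802.15.4 addressing modes: none, short, extended


def parse_mac_header(frame: bytes) -> dict:
    """Parse the 802.15.4 MAC header; frame includes a trailing 2-byte FCS."""
    fcf, seq = struct.unpack_from("<HB", frame, 0)
    off, dst_pan, dst, src_pan, src = 3, None, None, None, None
    dst_mode, src_mode = (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    if dst_mode:
        dst_pan = struct.unpack_from("<H", frame, off)[0]
        dst = frame[off + 2:off + 2 + ADDR_LEN[dst_mode]]
        off += 2 + ADDR_LEN[dst_mode]
    if src_mode:
        if fcf & 0x0040:          # PAN ID compression: source PAN == dest PAN
            src_pan = dst_pan
        else:
            src_pan = struct.unpack_from("<H", frame, off)[0]
            off += 2
        src = frame[off:off + ADDR_LEN[src_mode]]
        off += ADDR_LEN[src_mode]
    return {"type": fcf & 0x7, "seq": seq, "dst_pan": dst_pan, "dst": dst,
            "src_pan": src_pan, "src": src, "payload": frame[off:-2]}


class ReplayDetector:
    """Per-source memory of (seq, payload); a repeat is a suspected replay."""
    def __init__(self):
        self.seen = {}

    def check(self, frame: bytes) -> bool:
        h = parse_mac_header(frame)
        if h["type"] != 1 or h["src"] is None:  # only sourced data frames
            return False
        history = self.seen.setdefault((h["src_pan"], h["src"]), set())
        sig = (h["seq"], h["payload"])
        if sig in history:
            return True
        history.add(sig)
        return False


def build_data_frame(seq, pan, dst, src, payload):
    # Constructed frame: FCF 0x8861 = data, ack request, PAN compression, short addresses; dummy FCS.
    return struct.pack("<HBHHH", 0x8861, seq, pan, dst, src) + payload + b"\0\0"


def flag_replays(frames):
    """Return indices of frames the detector flags, e.g. a re-sent 'unlock'."""
    det = ReplayDetector()
    return [i for i, f in enumerate(frames) if det.check(f)]
```

A MAC-layer retransmission after a lost acknowledgement also repeats sequence number and payload, so a receiver using this check would discount repeats that arrive inside the MAC retry window.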
KillerBee also includes a program for cracking the secret key stored in ZigBee
devices. Since many ZigBee devices have no display or keypad, the key required
for encryption is frequently stored in factory-set Flash memory. Where keys are
exchanged over the air (OTA), they are exchanged in unencrypted form and can
easily be recorded using zbdump. Recordings can be subsequently analysed in
Wireshark without difficulty.
zbgoodfind uses a memory dump generated using sniffer hardware developed by
Travis Goodspeed to crack stored keys. Wright's tools all work with the Atmel
AVR RZ USBStick ZigBee USB stick, which costs just under $40, though if you want
to record and be able to replay data simultaneously, you'll need two. To replay
data, you'll also need to overwrite the device's firmware, for which you'll need
an on-chip debugger and programmer, such as Atmel's AVR JTAG ICE mkII, a clone
version of which can be picked up for around 50 euros. Wright is not officially
selling pre-flashed sticks, but intimated to heise Security, The H's associates
in Germany, that he was sure he could help out in 'individual cases'.