I'm A Newbie Yet I Can Hack ZigBee - Take Unauthorized Control Over ZigBee Devices

Presented at DEF CON 23 (2015), Aug. 8, 2015, 7 p.m. (60 minutes)

With the advent of the Internet of Things，more and more objects are connected via various communication protocols like Bluetooth，Z-wave，WiFi , ZigBee etc. Among those protocols ZigBee accounts for the largest market share，it has been adapted to various applications like WSN（Wireless Sensor Network），Smart Home . Over the last few years, large amount of research has been conducted on the security of ZigBee. In this presentation we will introduce a new technique to beat the security of ZigBee, we found the "signature" of the location of the security key . We will go through a specific example and share the thinking process along the way. The techniques used throughout this example can be generalized and used by other hardware reverse engineers.

Presenters:

• YANG Qing - Team Leader of Unicorn Team, Qihoo 360 Technology Co. Ltd.
  YANG Qing is the team leader of Unicorn Team in Qihoo 360 Technology Co. Ltd. He has rich experiences in wireless and hardware security area, including WiFi penetration testing, cellular network interception, IC card cracking etc. His interests also cover embedded system hacking, firmware reversing, automotive security, and software radio .He is the first one who reported the vulnerabilities of WiFi system and RF IC card system used in Beijing subway.
• LI Jun - Graduate student from CUIT(Chengdu University of Information Technology , Chengdu ,China),Intern at Qihoo 360 Technology Co. Ltd.
  LI Jun is currently a hardware security intern in Unicorn Team of Qihoo 360 ,China. He is also a second year graduate student at Chengdu University of Information Technology. He received his bachelor’s degree from University of Electronic Science and Technology of China in 2013.During his college life, he switched between different majors, 2 years in Automobile Electronics,2 years in Electronic and Electric Engineering. He is interested in the security of the Internet of Things and the security of automobile electronics. Linkedin: LI Jun Weibo: GoRushing Twitter：@bravo_fighter
• Qing Yang   as Qing YANG

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#Li
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Qing YANG - Im A Newbie Yet I Can Hack ZigBee - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Qing YANG - Im A Newbie Yet I Can Hack ZigBee - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=xgNT05l6Jlw

Similar Presentations:

• Nuit du Hack 2016 / Revue de sécurité du protocole ZigBee d'une box TV française
• Black Hat USA 2015 / ZigBee Exploited the Good, the Bad, and the Ugly
• DeepSec 2015 „DeepSec No. 9“ / ZigBee Smart Homes - A Hacker's Open House