Don't Be Silly - It's Only a Lightbulb

Presented at DEF CON 28 (2020) Virtual, Aug. 7, 2020, 3:30 p.m. (30 minutes)

A few years ago, a team of academic researchers showed how they can take over and control smart lightbulbs, and how this in turn allows them to create a chain reaction that can spread throughout a modern city. Their research brought up an interesting question: aside from triggering a blackout (and maybe a few epilepsy seizures), could these lightbulbs pose a serious risk to our network security? Could attackers somehow bridge the gap between the physical IoT network (the lightbulbs) and even more appealing targets, such as the computer network in our homes, offices or even our smart cities? We're here to tell you the answer is: Yes. Join us as we take a deep dive into the world of ZigBee IoT devices. Continuing from where the previous research left off, we go right to the core: the smart hub that acts as a bridge between the IP network and the ZigBee network. And let me tell you this, this harsh embedded environment is surely not on our side. With a maximal message size of less than 128 bytes, complex state machines and various strict timing constraints, this challenge is going to be tough. After a long journey, we finally made it. By masquerading as a legitimate ZigBee lightbulb, we were able to exploit vulnerabilities we found in the bridge, which enabled us to infiltrate the lucrative IP network using a remote over-the-air ZigBee exploit.

Presenters:

• Eyal Itkin - Vulnerability Researcher at Check Point Software Technologies
  Eyal Itkin is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies. Eyal has an extensive background in security research, that includes years of experience in embedded network devices and protocols, bug bounties from all popular interpreter languages, and an award by Microsoft for his CFG enhancement white paper. When not breaking RDP or FAX, he loves bouldering, swimming, and thinking about the next target for his research. @EyalItkin

Links:

• https://defcon.org/html/defcon-safemode/dc-safemode-speakers.html#Itkin
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Eyal Itkin - Don't Be Silly It's Only a Lightbulb - Demo.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Eyal Itkin - Don't Be Silly It's Only a Lightbulb - Q&A.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Eyal Itkin - Don't Be Silly It's Only a Lightbulb.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Eyal Itkin - Don't Be Silly It's Only a Lightbulb.srt (subtitles)
• https://www.youtube.com/watch?v=iMxquCdAMWI

Similar Presentations:

• DEF CON 23 (2015) / I'm A Newbie Yet I Can Hack ZigBee - Take Unauthorized Control Over ZigBee Devices
• Black Hat USA 2015 / ZigBee Exploited the Good, the Bad, and the Ugly
• DeepSec 2015 „DeepSec No. 9“ / ZigBee Smart Homes - A Hacker's Open House