The Internet of Things Exploit Research Series: ZigBee – Part 1
The problem with skeptical views of IoT adoption is that they induce delusions of a rapidly approaching Orwellian dystopia of sorts. Misgivings are understandable, what with the barrage of criticism from the academia and frenzied media accounts of connected car hacks and ‘Creepware’ webcams in recent times. But the real cause of fear as we see it is the lack of solid assurance from developers and deployers beyond the patching of exposed vulnerabilities. Secure or not, the production of IoT infrastructure for home automation and operational technology is not about to slow down.
Makers of consumer IoT cannot bank on their incipient hype to gain and retain patronage. The security of embedded systems must seek to assure users that their smart device is what they believe it is and will stay that way. In this series, we set out to assess the congruity of best practices in designing a secure set-up based on the ZigBee Alliance’s Home Automation Profile operating in the Residential Mode.
Compatible with both Wi-Fi and IP, ZigBee is clearly becoming the technology of choice for smart home technology innovators. ZigBee networks use trust center architecture for authentication and validation of devices that request to communicate. In the Residential mode, ZigBee nodes are susceptible to not only to attacks with intent to intercept, tamper or destroy data but also to physical attacks since they are increasingly used in building control systems for critical infrastructure and home security systems.
How to achieve resilience in the ZigBee Residential Mode?