IOT failure - again
-
@Dashrender said in IOT failure - again:
The whole hack takes place over the ZigBee network, so you can't protect it with firewalls, etc.
How does a firewall not continue to protect? I'm no ZB expert, but shouldn't that still work?
-
How are they getting into the ZB network in the first place?
-
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
-
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
-
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
Right, Zigbee is its own connection that's not a WiFi connection. With the mesh network they talk to each other and whatever base stations are in place.
The attack starts by an attacker getting within 400 meters of a bulb, which allows them to connect to it and upload the virus; that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
If the devices are close enough, you could blanket a whole city by infecting one device. This isn't that likely because they aren't deployed large enough yet... but you get the idea.
-
@scottalanmiller said in IOT failure - again:
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
Apparently that is trivial to bypass.
-
@Dashrender said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
@brianlittlejohn said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
How are they getting into the ZB network in the first place?
Zigbee builds a wireless mesh network between devices.
With security, though. There are keys between them.
Apparently that is trivial to bypass.
You are mixing concepts. All that we know is that the bulbs themselves are wide open. That tells us literally nothing about the security vulnerabilities of ZigBee. That the bulbs are not secured doesn't suggest that ZB is the issue, but the bulbs themselves. Why would the bulbs even be mentioned if this could infect any ZB device?
-
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting within 400 meters of a bulb, which allows them to connect to it and upload the virus; that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
-
@scottalanmiller said in IOT failure - again:
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting within 400 meters of a bulb, which allows them to connect to it and upload the virus; that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
Why don't you read it and tell me what you think it says. Then again, this might not be the correct article for that, because I didn't get the information from this article; instead I got it from Security Now.
-
The blurry article?
I don't see anything that suggests anything other than a bulb is vulnerable because it's wide open. Nothing that suggests it gets past ZB security. Only that bulbs don't have any.
-
@scottalanmiller said in IOT failure - again:
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting within 400 meters of a bulb, which allows them to connect to it and upload the virus; that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
I don't know if the whole Zigbee protocol is broken, but definitely the implementation of the Hue Lights is poor and allows this takeover, according to the researchers.
-
@Dashrender said in IOT failure - again:
@scottalanmiller said in IOT failure - again:
@Dashrender said in IOT failure - again:
The attack starts by an attacker getting within 400 meters of a bulb, which allows them to connect to it and upload the virus; that bulb then attaches to anything within range, again 400 m, and passes the virus (worm) around to other devices.
ANY device? Are you sure? It's purely distance based and no security matters?
I don't know if the whole Zigbee protocol is broken, but definitely the implementation of the Hue Lights is poor and allows this takeover, according to the researchers.
I thought that the issue was that they were wide open, not secured at all.
-
https://boingboing.net/2016/11/09/a-lightbulb-worm-could-take-ov.html
Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.
The researchers demonstrate attacking bulbs by drone or ground station. The demo attacks Philips Hue lightbulbs, the most popular smart lighting system in the market today.
Philips Hue use Zigbee for networking. Zigbee is a wireless protocol designed for low-powered Internet of Things devices, and it has many built-in security features. The most important of these is that once a device is initialized as part of a Zigbee network, it can't be hijacked onto a rival network unless you can bring a controller into close proximity to it (a couple centimeters away). However, there is a fatal flaw in the Zigbee implementation in the Hue system, and the researchers showed that they could hijack the bulbs from nearly half a kilometer away (this attack is only possible because Zigbee doesn't encrypt all traffic between devices).
-
http://betanews.com/2016/11/14/philips-hue-light-bulbs-worm-vulnerable/
Hard coded keys (passwords) and the threat is only to other bulbs all sharing the same password. Obviously not a flaw, just bad planning. Not a ZB issue.
-
@Dashrender said in IOT failure - again:
https://boingboing.net/2016/11/09/a-lightbulb-worm-could-take-ov.html
Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.
Right.... only bulbs that are ALREADY vulnerable by having a publicly known shared password are at risk. Nothing here about a ZB vulnerability at all.
-
It's like saying that Windows security doesn't work because people shared passwords at one company. Or that SSH isn't secure because you CAN hard code passwords and let them get compromised.
Those are end user issues, not protocol issues.
-
@scottalanmiller said in IOT failure - again:
http://betanews.com/2016/11/14/philips-hue-light-bulbs-worm-vulnerable/
Hard coded keys (passwords) and the threat is only to other bulbs all sharing the same password. Obviously not a flaw, just bad planning. Not a ZB issue.
Sorry if you thought I was implying that ZB was broken... (it's not great by any means, but not as broken as this implementation by Philips).
-
@Dashrender said in IOT failure - again:
Sorry if you thought I was implying that ZB was broken... (it's not great by any means, but not as broken as this implementation by Philips).
THIS implementation isn't broken at all, either!! Nothing whatsoever wrong with ZB here at all. Where are you getting that? The articles aren't saying that at all.
-
The article does get the recap of what they wrote originally wrong and calls it the implementation. It's not; whatever intern recapped it obviously couldn't read the original. It's a shared password only.
-
With further offline discussion - we found that something called touchlink is where the implementation (or advancement in technology) failure took place in ZB.
I found this Black Hat article: https://www.blackhat.com/docs/us-15/materials/us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf
... ZLL devices support a feature called “Touchlink Commissioning” that allows devices to be paired with controllers. As the default and publicly known TC link key is used, devices can be “stolen”. Tests showed that amateur radio hardware using normal dipole (Raspberry Pi extension board) antennas already allowed Touchlink Commission from several meters away whereas for security reasons this should only work in close proximity. Usage of professional radio equipment would allow an even higher distance for such a successful device takeover.
This tells me (though I haven't found it yet) that there is some type of spec that is supposed to prevent pairing of devices outside of a certain range.