Critical Flaw Found In ZigBee Smart Home Devices. Millions at Risk.

Security researchers have identified a critical vulnerability in devices using ZigBee, a wireless standard used for connectivity in multiple Internet of Things and smart home devices — raising the specter of hackers breaking into your smart home and doing what they like with your connected locks, alarm system and even controlling your lightbulbs.

Cognosec presented a paper at the Black Hat confab in Vegas today outlining a flaw in ZigBee implementations it said affects multiple device types, and asserting it’s possible for hackers to compromise ZigBee networks and “take over control of all connected devices on a network.”

“The practical security analysis of every device assessed showed that the solutions are designed for easy setup and usage but lack configuration possibilities for security and perform a vulnerable device pairing procedure that allows external parties to sniff the exchanged network key,” the researchers write.

“This represents a critical vulnerability, as the security of the solution is solely reliant on the secrecy of this network key.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s