Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned

In this paper, two practical attacks against ZigBee security are proposed and the latter one is also carried out in our laboratory environment. The attack scenarios are based on utilizing several vulnerabilities found from the main security components of ZigBee technology. The first attack is based on sabotaging the ZigBee End-Device by sending a special signal that makes it wake-up constantly until the battery runs out. The second attack is based on exploiting the key exchange process in ZigBee when using the Standard Security level defined by the ZigBee specification: we also demonstrate with experimental figures that attacks against ZigBee-enabled devices become practical by using our at…