Every summer, hackers from around the world get together in Las Vegas at Black Hat to share a seemingly unending number of security holes they've found in networks over the past year.
This year was no different, though more IoT and smart home security holes were identified than before, mostly because IoT and smart home networks are, more than ever, becoming targets for potential hackers.
And one of the flaws found should be of particular concern for those deploying Zigbee networks. According to Cognosec, the default Trust Center (TC) link key used in the ZigBee Home Automation profile represents a particularly glaring hole that needs to be plugged.
The use of the default TC link key “ZigBeeAlliance09” introduces a high risk to the secrecy of the network key. The Home Automation Public Application Profile states that: "The current network key shall be transported using the default TC link key in the case where the joining device is unknown or has no specific authorization associated with it. This allows for the case where alternative pre-configured link keys specifically associated with a device can be used as well." (ZigBee Alliance 2013, p. 44) Since, as discussed before, the security of ZigBee is highly reliant on the secrecy of the key material and therefore on the secure initialisation and transport of the encryption keys, this default fallback mechanism has to be considered as critical risk. If an attacker is able to sniff a device join using the default TC link key, the active network key is compromised and the confidentiality of the whole network communication can be considered as compromised. This might be a lower risk if only light bulbs are used, but as HVAC systems and door-locks also use the Home-Automation profile, the impact on security of this profile requirement is greatly increased.
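To make the report's reasoning concrete, here is an added model (not Cognosec's code and not a Zigbee implementation) of the Trust Center rule quoted above: a joining device with its own pre-configured link key gets the network key under that key, an unknown device gets it under the public default, and a passive observer who knows only the default key recovers the network key in the second case but not the first. A SHA-256 keystream stands in for Zigbee's AES-CCM, and all function names and sample keys are assumptions of the model.

```python
import hashlib
import os
from typing import Optional, Tuple

# Well-known default Trust Center link key quoted in the report (ASCII "ZigBeeAlliance09").
DEFAULT_TC_LINK_KEY = b"ZigBeeAlliance09"


def toy_transport_key_cipher(link_key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Stand-in for the encryption of a Transport Key command (NOT Zigbee's AES-CCM):
    a SHA-256 keystream XORed over the 16-byte payload. It is symmetric, so the same
    call encrypts and decrypts. Only the reduction 'network-key secrecy depends on
    link-key secrecy' is modelled, not the real frame format."""
    stream = hashlib.sha256(link_key + nonce).digest()[:16]
    return bytes(p ^ s for p, s in zip(payload, stream))


def trust_center_send_network_key(network_key: bytes,
                                  preconfigured_link_key: Optional[bytes]) -> Tuple[bytes, bytes, str]:
    """Model of the Home Automation profile rule: a device with its own pre-configured
    link key gets the network key under that key; an unknown device falls back to the
    default TC link key. Returns what a sniffer sees on the air (nonce and ciphertext)
    plus a label of which key the Trust Center used."""
    nonce = os.urandom(13)
    if preconfigured_link_key is not None:
        return nonce, toy_transport_key_cipher(preconfigured_link_key, nonce, network_key), "preconfigured"
    return nonce, toy_transport_key_cipher(DEFAULT_TC_LINK_KEY, nonce, network_key), "default"


def assess_join(network_key: bytes, preconfigured_link_key: Optional[bytes]) -> dict:
    """Risk check for one join: run the sniffed frame back through the public default key
    and report whether that alone yields the real network key."""
    nonce, ciphertext, key_used = trust_center_send_network_key(network_key, preconfigured_link_key)
    recovered_with_public_key = toy_transport_key_cipher(DEFAULT_TC_LINK_KEY, nonce, ciphertext)
    return {
        "key_used": key_used,
        "network_key_exposed": recovered_with_public_key == network_key,
    }


if __name__ == "__main__":
    nwk = os.urandom(16)  # constructed sample network key
    print(assess_join(nwk, None))             # default fallback: network key exposed
    print(assess_join(nwk, os.urandom(16)))   # device-specific link key: not exposed
```

The second case is what a per-device pre-configured link key buys you: the same sniffed join no longer leaks the network key to anyone holding the public default.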
The report goes on to identify other holes, all of which it says are a result of implementation failures and center on "the secrecy of the encryption keys as well as their secure initialisation and distribution of the encryption keys".
And it's not just Zigbee. I've said recently that Apple's slow rollout around HomeKit is probably because they've identified possible security holes across a variety of transport and network layers. Bluetooth, in particular, has been shown to be problematic. Another researcher illustrated how one could wreak havoc with Bluetooth-connected skateboards. Another showed a vulnerability in Wi-Fi.
Now, it should be said that much of this research has a positive end goal: to identify holes that can be exploited so that the companies using the technology in commercial products can do something about them, namely plug the holes.
Bottom line, lots of work remains to be done with nearly every network technology now going into the connected home. I expect those with large numbers of nodes in the field will continue to look for vulnerabilities they can patch through software upgrades. It's clear that relying on the baseline security built into the network standards isn't enough, so maybe it's time once again to pause and appreciate the effort Apple is taking with HomeKit to add additional security to its connected home efforts.