The hacking tool, called ZigDiggity, says the company, will emerge as the weapon of choice for testing ZigBee-enabled systems, replacing all previous efforts. The company presented the tool at the 2019 Black Hat Arsenal live tool demonstration environment, where it demonstrated how easy it was to break into several major companies' home security systems, to stop the sensors from sending an alert to the alarm, and to unlock the front door smart locks.
Many home security systems use ZigBee to provide simple wireless communication between devices to send signals from the sensors (on door and window magnets) to the alarm. As ZigBee continues to grow in popularity in all types of IoT products, says the company, security concerns around these products are growing as well.
"Unfortunately, existing ZigBee hacking solutions have fallen into disrepair," says Francis Brown, Chief Technology Officer at Bishop Fox. "They have barely been maintained, let alone improved upon, which has left pentesters [penetration testers] without a practical way to evaluate the security of ZigBee networks. Companies that want to ensure the security of their ZigBee enabled products and systems need ZigDiggity."
ZigDiggity was initially introduced as "a proof of concept" at last year's Black Hat conference to show how it could work. This year's presentation showcased ZigDiggity's attack capabilities by pitting it against common ZigBee-based Internet of Things (IoT) products - such as door and window sensors - using an "ACK Attack."
For more, see the download instructions for ZigDiggity .
ZigBee-sniffing drone maps hackable IoT devices
Smart home security 'woefully inadequate' says report
IoT security web app lets users 'spy' on their smart home devices
IoT security solution makes protecting edge devices easy