ZigBee 'Security Risk' Exposed: Is Smart Lighting at a 'Dead End'?
[Text / Engineering LED, Xuchao Peng] At the recently held 2015 Black Hat conference in Las Vegas, researchers released a paper. The paper pointed out a flaw in the ZigBee protocol that a hacker might use to compromise a ZigBee network and gain control of all connected devices within it.

"This vulnerability is very serious, because the security of the solution depends entirely on the confidentiality of the network key. And tests on devices ranging from smart bulbs and temperature sensors to door locks show that the vendors of these devices implement only the minimum number of requirements for authentication; there are no other options to improve the security level, which gives hackers great convenience," the researchers wrote.

It was reported that the flaw involves many types of equipment: a hacker can use the loophole in ZigBee devices to break into your smart home, freely control your networked locks and alarm systems, and even switch your light bulbs on and off. For a time this caused widespread concern in the industry.

At present, ZigBee, which is based on the IEEE 802.15.4 standard, is a low-cost, low-power, short-range wireless networking technology. It is already widely present in a large number of emerging connected devices such as smart lamps, smart door locks, motion sensors and temperature sensors, and has a large installed base. So will things turn out as the researchers said at the Black Hat conference, and lead to a security crisis for smart products? Engineering LED conducted its own investigation.

"We have noticed this event. The ZigBee vulnerability set out at the Black Hat conference is at the protocol level; without the technical background and the internal network authorization keys, intrusion is difficult," said Jiang Hongfei, product director at Shun Zhou Technology.

According to Jiang, ZigBee is one of the most secure wireless protocols, and no case of it being cracked has yet appeared anywhere in the world. Engineering LED was told that ZigBee's security comes from its systematic design: it uses AES encryption (Advanced Encryption System), which is 12 times as rigorous as bank card encryption technology. In addition, Z-Stack provides comprehensive ZigBee support, and the CC2530 hardware supports the 128-bit AES encryption algorithm in the protocol stack, in order to avoid interference from similar equipment and to prevent eavesdropping by other devices. "Put plainly, AES is a new encryption algorithm that can be used to protect electronic data. It is an iterative, symmetric-key block cipher that encrypts and decrypts data in 128-bit (16-byte) blocks. It uses a loop structure in which permutations and substitutions of the input data are repeated, in order to ensure the security of the system," Jiang Hongfei said.

Below, Engineering LED also summarizes three ZigBee security mechanisms for improving data security:

1) Security of the internal structure. To have a secure network under the ZigBee protocol, all device images must be built with the pre-security flag enabled and a default key set. The default key can be preconfigured on every device in the network, or configured only on the coordinator and then distributed to all devices in the network. Note that in the latter case the key is distributed to each device as it joins the network. The join process therefore becomes a moment of weakness, but it tends to be completed within ten milliseconds.

2) Strict network access control. In a secure network, the trust center is notified when a device joins the network. The trust center has the right to choose whether to let the device remain in the network or to deny it network access. The trust center can decide whether to allow a device into the network by any logical means; one of them is for the trust center to let devices join the network only within a very short time window, so that the user cannot bypass the authorization process.

3) Application data security. The trust center can update the network key at its own discretion. Application developers can modify the network key update policy; the default trust center can be used to carry out the policy the developers specify, for example a policy that updates the network key at regular intervals.

In addition, most domestic manufacturers using ZigBee technology, such as Xiaomi, Lenovo and OU, modify the Alliance's protocol to create their own proprietary protocols, so they are not interoperable with other ZigBee systems. Jiang Hongfei mentioned that, based on the above considerations, he believes it would be very difficult for hackers to get into the system.

In fact, for highly sophisticated professional hackers there may still be some chance of breaking into smart home devices, but for the average user this cannot be done. Moreover, what would be the point of spending so much effort? So as for the ZigBee security risks revealed at Black Hat, let us relax a little and get on with making better smart lighting products!
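
The three mechanisms summarized above (key provisioning, trust center admission, periodic key update) as a simplified model. This is an example added here, not code from Engineering LED, Shun Zhou Technology or Z-Stack; the class, method and device names and all timing values are assumptions, and no radio or AES layer is modelled.

```python
# Simplified model of the trust center behaviour described above.
# Constructed for illustration: names and timings are assumptions, not Z-Stack's API.
import secrets
from dataclasses import dataclass, field


@dataclass
class TrustCenter:
    rotation_interval: float                      # seconds between key updates, must be > 0
    allowlist: set = field(default_factory=set)   # devices the operator has approved
    join_open_until: float = -1.0                 # end of the current join window
    key_seq: int = 0                              # increments on every key update
    network_key: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    last_rotation: float = 0.0
    members: set = field(default_factory=set)
    audit: list = field(default_factory=list)     # (time, device, verdict)

    def permit_join(self, now, seconds):
        """Open a short join window (mechanism 2)."""
        self.join_open_until = now + seconds

    def tick(self, now):
        """Apply the periodic key update policy (mechanism 3)."""
        while now - self.last_rotation >= self.rotation_interval:
            self.network_key = secrets.token_bytes(16)   # fresh 128-bit key
            self.key_seq += 1
            self.last_rotation += self.rotation_interval

    def handle_join(self, device, now, preconfigured):
        """Decide on a join request and record how the key reached the device."""
        self.tick(now)
        if now > self.join_open_until:
            verdict = "denied: join window closed"
        elif device not in self.allowlist:
            verdict = "denied: not authorised"
        else:
            self.members.add(device)
            # Mechanism 1: only devices that were not provisioned beforehand
            # receive the key during the join, which is the weak moment.
            verdict = ("admitted: key preconfigured" if preconfigured
                       else "admitted: key sent at join")
        self.audit.append((now, device, verdict))
        return verdict

    def exposed_joins(self):
        """Joins during which the network key travelled over the air."""
        return [(t, d) for t, d, v in self.audit if v == "admitted: key sent at join"]
```

The list returned by `exposed_joins()` is what an operator would review, since those are the only joins in this model where the key left the trust center over the air.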