IoT Goes Nuclear: Creating a Zigbee Chain Reaction

Eyal Ronen; Adi Shamir; Achi Or Weingarten; Colin Oflynn

doi:https://doi.org/10.1109/MSP.2018.1331033

IoT Goes Nuclear: Creating a Zigbee Chain Reaction

Eyal Ronen, Adi Shamir, Achi Or Weingarten, Colin Oflynn

Research output: Contribution to journal › Article › peer-review

Abstract

In this article, we describe a new type of attack on IoT devices, which exploits their ad hoc networking capabilities via the Zigbee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the Zigbee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby Wi-Fi transmissions.

Original language	English
Article number	8283484
Pages (from-to)	54-62
Number of pages	9
Journal	IEEE Security and Privacy
Volume	16
Issue number	1
DOIs	https://doi.org/10.1109/MSP.2018.1331033
State	Published - 1 Jan 2018
Externally published	Yes

Keywords

IEEE Symposium on Security and Privacy
Internet of Things
IoT
Zigbee
security
smart lamp

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Access to Document

https://doi.org/10.1109/MSP.2018.1331033

Cite this

@article{324898a23f274585a6ebce7d5b3c8e1c,

title = "IoT Goes Nuclear: Creating a Zigbee Chain Reaction",

abstract = "In this article, we describe a new type of attack on IoT devices, which exploits their ad hoc networking capabilities via the Zigbee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the Zigbee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby Wi-Fi transmissions.",

keywords = "IEEE Symposium on Security and Privacy, Internet of Things, IoT, Zigbee, security, smart lamp",

author = "Eyal Ronen and Adi Shamir and Weingarten, {Achi Or} and Colin Oflynn",

note = "Publisher Copyright: {\textcopyright} 2012 IEEE.",

year = "2018",

month = jan,

day = "1",

doi = "https://doi.org/10.1109/MSP.2018.1331033",

language = "الإنجليزيّة",

volume = "16",

pages = "54--62",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "1",

}

TY - JOUR

T1 - IoT Goes Nuclear

T2 - Creating a Zigbee Chain Reaction

AU - Ronen, Eyal

AU - Shamir, Adi

AU - Weingarten, Achi Or

AU - Oflynn, Colin

PY - 2018/1/1

Y1 - 2018/1/1

N2 - In this article, we describe a new type of attack on IoT devices, which exploits their ad hoc networking capabilities via the Zigbee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the Zigbee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby Wi-Fi transmissions.

AB - In this article, we describe a new type of attack on IoT devices, which exploits their ad hoc networking capabilities via the Zigbee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the Zigbee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby Wi-Fi transmissions.

KW - IEEE Symposium on Security and Privacy

KW - Internet of Things

KW - IoT

KW - Zigbee

KW - security

KW - smart lamp

UR - http://www.scopus.com/inward/record.url?scp=85041820297&partnerID=8YFLogxK

U2 - https://doi.org/10.1109/MSP.2018.1331033

DO - https://doi.org/10.1109/MSP.2018.1331033

M3 - مقالة

SN - 1540-7993

VL - 16

SP - 54

EP - 62

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 1

M1 - 8283484

ER -

IoT Goes Nuclear: Creating a Zigbee Chain Reaction

Abstract

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this