Wouldn’t it be nice to tell your home assistant to light up a specific room or initiate a random scene that supports your mood? That’s just a basic example of a smart home application, that can be bought from different manufacturers right away.
The Internet of Things (IoT) literally invades more and more homes and brings not only quality to the most private sphere but also new intrusion points since the architecture is by far not as sophisticatad as one might assume. So, where to start getting some basic information about design principles and implementation practices? I started to look around on the web and found some interesting product reviews at first. All of these reviews didn’t quite answered my questions. Don’t get me wrong, since I’m active participant in the emerging FPV community, I had higher expectations in the matter of doing reviews. I’m used to see (video-)blogger to disassemble parts, reconfigure them and actually do a critical review. That did non happen in at least on of the videos, I’ve seen about Smart Home, so I decided to take another approach on that topic. I started looking for known security issues and possible exploits which led me to several sources especially concerning ZigBee and actual implementation practices.
Talking to the light bulbs
How does ZigBee work and how do the Smart Home automation systems communicate with each other? And what could possibly go wrong? A good starting point, gathering some answers, is this very interesting talk by Tobias Zillner & Sebastian Strobl given at the Black Hat conference 2015. They focus on the ZigBee protocol. Outlined from the abstract of the talk:
ZigBee is one of the most widespread communication standards used in the Internet of Things and especially in the area of smart homes. If you have, for example, a smart light bulb at home, the chance is very high that you are actually using ZigBee. Popular lighting applications, such as Philips Hue or Osram Lightify are based on this standard. Usually, IoT devices have very limited processing and energy resources, and therefore not capable of implementing well-known communication standards, such as Wifi. ZigBee is, however, an open, publicly available alternative that enables wireless communication for such devices. ZigBee also provides security services for key establishment, key transport, frame protection, and device management that are based on established cryptographic algorithms. So, is a ZigBee home automation network with applied security and smart home communication protected? No, absolutely not. Due to interoperability and compatibility requirements, as well as the application of legacy security concepts, it is possible to compromise ZigBee networks and take over control of all connected devices. For example, it is entirely possible for an external party to gain control over every smart light bulb that supports the ZigBee Light Link profile.
This is made possible because the initial key transport is done in an unsecured way, and support of this weak key transport is, in fact, even required by the standard itself. Due to these shortfalls and limitations created by the manufacturers themselves, the security risk in this last tier communication standard can be considered as very high. This talk will provide an overview of the actual applied security measures in ZigBee, highlight the included weaknesses, and show practical exploitations of actual product vulnerabilities, as well as our recently developed ZigBee security-testing framework tool.
You can watch the recorded talk here or via the following embed in order to get the whole picture of the good, the bad and the ugly. A very good narrative by the way.
The slides have been uploaded here and whitepaper can be found here. To make this point clear. This is not an issue that came up recently, it has been exposed in 2015 and has been elaborated even earlier. Yet smart light bulbs like Philips Hue, Osram Lightify and recently even Ikea’s TRÅDFRI rely on ZigBee. Thinking of setting up a smart home environment or doing home automation requires us to rethink the idea of a independent user, creator or even a maker.
ZigBee itself is not too bad at all, it implements several security measures such as symmetric encryption and replay protection, but it perfectly shows the complexity of a modern digital infrastructure and embedded computing systems and it’s challenges. Speaking of challenges, I’m refering to the hidden pitfalls that come with the technology and particularly with specific applications and its so-called real world implementations. These are most likely as good as they need to be to function.
There is another interesting talk given by Eyal Ronen at the 2017 IEEE Symposium on Security & Privacy here, where he describes the mechanism and principles of how to create a Zigbee Chain Reaction (The full results and findings are described in the paper here).
A New Type of Attack?
Eyal Ronen shows us in 2017 a new type of attack, where a hacker can infect all the smart lights in a wider area, under the circumstances that the density of smart lights is above a certain critical mass (which can be calculated with percolation theory techniques).
The problem here is not only that one infected light bulb can comprimes the whole mesh network, but rather that there is no essential communication over TCP/IP and thus the attack cannot be stopped by standard internet security tools. On top of that, the attacker can not only cause a widespread blackout, he also can permanently brick the smart lights. Ronen and his
To function securely in a network, a device must have a counterpart device which it can trust to obtain keys and which controls access. So the problem here is, that it is not possible to find an infected source, at least in this attack scenario and that leads to a fundamental break of the open trust system that ZigBee devices rely on.
Zigbee War Driving
Taking these findings, it’s pretty evident, that an attacker can access the smart light bulbs from a decent distance, so the rather old idea of Wardriving is coming up again, this time not to exploit weak or open WiFi spots, but rather to acccess and re-program the smart light bulbs that function basically speaking as a network repeater. How the results look like can be seen in the following video.
And what now?
Well, the technology of smart bulbs and IoT is making enourmous progress and can be seen as rapidly. I have decided to keep an eye on the industrial progress and upcoming inventions. Nevertheless, after seeing the potential of hacking these devices I’m still torn, since it’s super exciting to see these devices in action and how they function.
Do we need this at all?
Today, my answer is yes. Discussing technological progress with smart light bulbs might sound irrelevant or arbitrary on the first sight, but when it comes to monitoring health systems, IoT can offer a huge benefit. As a matter of automation IoT can assist in therapies on depression and medical support in general. It also becomes a crucial factor and in that case, I’d rather see exploits on hijacked and bricked light bulbs as on connected inhalers or human implanted data chips and sensors.
Starting with the idea of simply getting a smart home environment, I digged deeper and deeper into different applications of smart home devices and realized that there several pitfalls and flaws, especially when it comes to privacy and network securiy. Within this post, I don’t want to argue that home automation is something bad that the #internetofshit has brought to us. I still hold the opinion that it is an very interesting emerging industry that has huge potential in raising quality of living.
So, why am I writing all this up? The short answer is, that it is exciting to play around with smart devices and dive into the IoT universe. The long answer isn’t that simple but can be splitted into two parts. Firstly, the industry is emerging rapidly fast, which is problematic at least in the way, that the new and mostly innovative products not only need to be maintained by doing some regular software updates, but also need to be up to date, when it comes to the hardware and other architectural components. In case of security risks and privacy flaws it means, that not only one device in that architectural chain has to be secure, all components need to work together on a decent level. There it goes, the rise of complexity since every device has different requirements to make it work. Interoperability is becoming more and more important and the paradigm of Interoperability is not necessary compatible to industry standards or marketing interests. Which makes it even more complex as a user or maker. Which brings me to the second part of the long answer. Like any new phenomena or emerging industry, there is a mystic and adventurous aura surrounding these technological progress, this aura is often hiding the pitfalls that come with it. So it is necessary to discuss possible scenarios and raise some awareness on possible and sometimes highly individual shortfalls, to get a technology and it’s efficacy to know a bit better. The individuals refered to in this post do exactly that. They show weak spots, not only in one specific product, but in the whole architecture of IoT devices using ZigBee. What can be understood as responsible disclosure can additionally help independent developers to create a better environment, maybe using other technologies, or integrating fixes to existing ones.
Thinking of IoT devices in a wider sense, we have a whole new technological platform here that functions as a medium, since the devices communicate with each other and allow communication through them. Having smart objects around us defining our environment requires us to think of it in a new quality. It also requires some fundamental knowledge about how these devices communicate with each other and how they finally interact with humans and how they silently reconfigure the human perception in the age of digital technologies.