Almost every smart device uses a network, and the device uses a ZigBee module to create a personal area network. ZigBee is based on the IEEE 802.15.4 specification and powers low-signal digital radios, mainly for data collection and home automation. According to Figure 3, ZigBee uses low data rates and low latency, which is useful for low-cost applications. This module plays a significant part in the actual sensor due to its long battery life.
Figure 3: ZigBee specification (Source: ZigBee Technology, 2012)
The ZigBee module offers many advantages, but there are security concerns: “How secure is the SmartThings kit?” A University of Michigan report and its proof-of-concept attacks showed that the SmartThings App source code contains overprivileged access for its consumers. A representative for Samsung’s SmartThings said:
“The potential vulnerabilities disclosed in the report are primarily dependent on two scenarios — the installation of a malicious SmartApp or the failure of third-party developers to follow SmartThings guidelines on how to keep their code secure.”
As a result, the ZigBee module lacks security. Researchers and security penetration testers from Black Hat found security flaws. Their findings on ZigBee are that:
- ZigBee does not have security configuration possibilities
- No key rotation and no link keys are supported
- The system only uses the default TC link key for secure key exchange
- Signal jammers are an easy way to disrupt the signal
To clarify, ZigBee is vulnerable to different types of attacks, e.g. Denial of Service, Eavesdropping, Sinkhole and Wormhole, Node Compromise and Physical Attack. Taking network security standards into account, the ZigBee radio links are the most insecure part, even to the point of inviting or assisting the opponent. As noted above, a solution for these flaws must be taken into account and the flaws resolved; otherwise consumers are at risk, and depending on the smart home model, this can be harmful to the security of the house and the life of the consumer.
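The key-related findings listed above can be checked on a coordinator whose settings can be exported. The following audit is an added example, not code from the report or from SmartThings; the config layout, field names and finding identifiers are hypothetical, and the sample configs are constructed.

```python
"""Audit an exported ZigBee coordinator config (hypothetical field names)."""

# Default Trust Center link key published in the ZigBee specification
# (ASCII "ZigBeeAlliance09"); every device knows it, so it protects nothing.
DEFAULT_TC_LINK_KEY = b"ZigBeeAlliance09"


def _key(cfg, name):
    """Return a configured hex key as 16 bytes, or None if absent/malformed."""
    try:
        raw = bytes.fromhex(cfg.get(name, ""))
    except (ValueError, TypeError):
        return None
    return raw if len(raw) == 16 else None


def audit(cfg):
    """Return a sorted list of finding identifiers for one coordinator config."""
    findings = set()
    tc_key = _key(cfg, "tc_link_key")
    nwk_key = _key(cfg, "network_key")
    if tc_key is None or nwk_key is None:
        findings.add("missing-or-malformed-key")
    if tc_key == DEFAULT_TC_LINK_KEY:
        findings.add("default-tc-link-key")
    for key in (tc_key, nwk_key):
        # A key made of one repeated byte (all zeros, all 0xFF) is a placeholder.
        if key is not None and len(set(key)) == 1:
            findings.add("placeholder-key")
    if tc_key is not None and tc_key == nwk_key:
        findings.add("key-reuse")
    if not cfg.get("per_device_link_keys", False):
        findings.add("no-per-device-link-keys")
    # Rotation interval in days; 0 or absent means the network key never changes.
    if int(cfg.get("network_key_rotation_days") or 0) <= 0:
        findings.add("no-key-rotation")
    return sorted(findings)


# Constructed sample configs (not taken from a real hub).
WEAK = {"tc_link_key": DEFAULT_TC_LINK_KEY.hex(), "network_key": "00" * 16}
HARDENED = {"tc_link_key": "8f3a1c5e7b9d2046a1c3e5f70b2d4f61",
            "network_key": "d4e6f80a1c3e507294b6d8fa1c3e5072",
            "per_device_link_keys": True,
            "network_key_rotation_days": 90}

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

Radio-level issues such as jamming are outside what a configuration audit can see.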