Home > Articles > Cisco Network Technology > Wireless/Optical/High Speed > ZigBee Wireless Security: A New Age Penetration Tester's Toolkit

ZigBee Wireless Security: A New Age Penetration Tester's Toolkit

Article Description

Penetration testers have been focusing on wireless technologies for over a decade now, and one protocol that can arguably be placed at the top of the list is the 802.15.4 protocol that ZigBee wireless rides on. New tools and techniques are being developed by penetration testers to validate the security and configuration of ZigBee-enabled devices. Brad Bowers takes a closer look at the ZigBee protocol, some of the attacks that have been leveraged against it, and the security tools that penetration testers can use.

Like this article? We recommend

Network Security First-Step

Network Security First-Step, 2nd Edition

$29.59 (Save 20%)

ZigBee Impacts the Physical World

ZigBee Impacts the Physical World

Now you have a little background on some of the advantages and disadvantages of ZigBee. Where is it being used, and what is all the security hubbub about? While ZigBee may not be the fastest or offer the greatest distances it still has a tremendous amount of uses.

A noted wireless security expert once said, "No wireless technology has been more integrated or impacts the physical world more than ZigBee." He was absolutely right! ZigBee radios have been integrated into all sorts of sensors and monitoring and control devices; and have found their way into hospitals, industrial facilities, and control systems that our society relies on every day.

In hospitals, ZigBee radios are more frequently found in patient-monitoring systems to provide data collection while allowing uninhibited mobility of the person wearing the device. They are even finding a home "inside" patients as a means for doctors and medical professionals to communicate with patients that have been fitted with an implanted defibrillator or other heart-monitoring device.

The short range and low output power limits the problem of radio interference with other radio devices or medical equipment. Doctors can simply use another ZigBee radio to interact with the patient's device, collect data, or even change the configuration settings of the implanted device.

ZigBee radios are also heavily used in industrial applications. They are integrated into refineries, chemical plants, and water-treatment facilities as sensors or to control processing equipment.

The explanation and business drivers behind why companies are utilizing ZigBee radios are very simple to understand. Running physical wires has a significant labor and material cost, while using a self-contained, battery-operated ZigBee radio limits these costs and provides administrative advantages when troubleshooting issues.

Other organizations are switching to ZigBee radio devices for monitoring and regulating the temperature in buildings, or communicating with controllers to shut down lights when people are not in the room.

Another area where ZigBee devices have become very popular is in our homes. New residential housing is often implemented with ZigBee–enabled water and gas meters. Utility providers use specially configured ZigBee radios as data collectors to collect the water and gas meter's transmissions from their utility vehicles. This process greatly increases the efficiency of utility companies collecting meter and billing data.

4. Security Issues | Next Section Previous Section