Security testing of the Zigbee communication protocol in consumer grade IoT devices

University essay from Högskolan i Halmstad

Abstract: With the ever-increasing number of Zigbee-certified Internet of Things devices reaching the consumer market, there is a need for security testing. Such testing ensures that security standards are upheld and improved upon so that networks are protected from unauthorized users. Even though a lot of research and testing has been done on the Zigbee key exchange mechanism, called Zigbee commissioning, improvements have not been sufficient, and severe vulnerabilities still exist in consumer grade devices today. The devices tested in this study use EZ-mode commissioning to exchange the network key between a Zigbee coordinator and a Zigbee end device, so that later communication can be encrypted after pairing. Using a simple radio receiver and a packet capturing program such as Wireshark, an eavesdropping attack was conducted in order to capture the network key. The experiment demonstrates that this is still a weak point, as the network key was successfully captured using eavesdropping. The analysis of the results shows that previous criticisms of Zigbee commissioning have still not been fully addressed and that commissioning can be a potential weak point in networks that use Zigbee certified IoT products.
