#Whitepaper: ‘IoT Goes Nuclear: Creating a ZigBee Chain Reaction’ | #IoTuesday #IoT « Adafruit Industries – Makers, hackers, artists, designers and engineers!

Adafruit is open, safely ... and shipping all orders at this time! Read more!

News, Resources, & More …
POPULAR CATEGORIES
(SEE ALL 347)

3D PRINTING (10203)
RASPBERRY PI (7571)
ART (7122)
WEARABLES (4236)
ARDUINO (3947)
RANDOM (3494)
SCIENCE (3472)
COSTUMING (2914)
COSPLAY (2642)
EDUCATORS (2356)

ROBOTICS (2340)
MUSIC (2061)
COMMUNITY (2038)
LEDS-LCDS (1806)
MAKER BUSINESS (1771)
ADAFRUIT LEARNING SYSTEM (1760)
SPACE (1609)
ASK-AN-ENGINEER (1508)
HISTORY (1470)
CIRCUITPYTHON (1431)

NEW POSTS
(SEE ALL)

June 1, 2020 at 5:00 am
Controlling a Modular Synth with a Modded NES…

June 1, 2020 at 4:00 am
Here’s why this hospital is using drones to…

June 1, 2020 at 3:00 am
Kansas State Polytechnic UAS Virtual Academy…

FEATURED POSTS
(SEE ALL 382)

June 1, 2020 at 12:15 am
Immigrant Heritage Month #IHM2020…

May 27, 2020 at 3:04 pm
20,000 THANK YOUs! Celebrating 20,000 members in…

May 26, 2020 at 10:50 am
Adafruit is open, safely … and shipping all…

April 25, 2017 AT 1:37 pm

#Whitepaper: ‘IoT Goes Nuclear: Creating a ZigBee Chain Reaction’ | #IoTuesday #IoT

TL;DR: Skynet will arrive in the form of light bulbs.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key (for each device type) that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

Download the whitepaper PDF here.

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Join 16,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Follow Adafruit on Instagram for top secret new products, behinds the scenes and more https://www.instagram.com/adafruit/

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org

Maker Business — How 3M is able to ramp up production of N95 masks

Wearables — Flip UV on its head

Electronics — To Y5V or not to Y5V?

Biohacking — Vitamin-C + Gelatin for Accelerated Recovery

Python for Microcontrollers — Virtually Maker Faire, HackSpace Magazine, and more! #Python #Adafruit #CircuitPython @circuitpython @micropython @ThePSF

Adafruit IoT Monthly — Quarantine Clock, Smarter Than your Speaker, and More!

Microsoft MakeCode — Arcade Mini Game in a Text Adventure

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !

No Comments

No comments yet.

Sorry, the comment form is closed at this time.

Filed under: internet of things —
Tags: IoT, IoTuesday, light bulbs — by nicknormal

Comments Off