Issue No. 01 - January/February (2018 vol. 16)
Eyal Ronen, Weizmann Institute of Science
Adi Shamir, Weizmann Institute of Science
Achi-Or Weingarten, Weizmann Institute of Science
Colin O'Flynn, Dalhousie University
In this article, we describe a new type of attack on IoT devices, which exploits their ad hoc networking capabilities via the Zigbee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the Zigbee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby Wi-Fi transmissions.
ad hoc networks, firmware, Internet of Things, lamps, protocols, wireless LAN, Zigbee
E. Ronen, A. Shamir, A. Weingarten and C. O'Flynn, "IoT Goes Nuclear: Creating a Zigbee Chain Reaction," in IEEE Security & Privacy, vol. 16, no. 1, pp. 54-62, 2018.