Not long ago, at the 2015 Black Hat Conference in Las Vegas, Cognosec released a paper pointing out a flaw in the implementation of the ZigBee protocol. The company said the flaw involves multiple types of equipment, and hackers could harm the ZigBee network, "take over control of all connected devices in the network," and manipulate networked door locks, alarm systems, and even switch bulbs.
The International ZigBee Alliance has responded to this issue as a non-profit organization that creates open global IoT standards for consumer, commercial, and industrial applications. The ZigBee Alliance believes that the ZigBee Alliance and member development protocols take into account the balance of device interactivity, ease of use and security, providing the best "smart" functionality with minimal exposure risk. The ZigBee security vulnerability involved in the Black Hat Conference is a small vulnerability in single-node initialization. Intrusion into this small vulnerability requires a wealth of expertise and equipment that only the security team can do.
The ZigBee Alliance also said that it encourages organizations to bring their findings into development discussions and thereby enhance user experience and confidence in the development of smart homes. ZigBee technology is an agreement created by some of the world's most successful companies, all of which focus on the latest security solutions. The ZigBee Alliance's technical working group has been actively reviewing the ZigBee security framework and seeking the best practices in the industry to stay ahead of evolving security threats.
The following is the official statement of the Chinese and English full text:
The ZigBee Alliance and its members develop standards and protocols based on an appropriate balance that takes into account the device's secure interaction and ease of use and provides the best "smart" functionality with minimal exposure risk.
We are very aware of the report of Black Hat's launch. The report describes a small vulnerability in a single-node initialization that occurs when a user unpacks a net (when a user installs a new device) or when a device loses its connection with the parent node and re-screens—usually this means a few milliseconds Key exchange. Invasion of this small vulnerability requires a wealth of expertise and equipment that cannot happen outside of the security team.
Security must be consistent with the application, and its solution is determined by the resources available at hand. When a light bulb has neither a keyboard nor a display, it is very difficult to enter a 16-digit password for it. And if a solution is too expensive, too difficult to install, or too time consuming, consumers will not use it.
ZigBee technology is created by some of the world's most successful companies, all of which focus on the latest security solutions. The ZigBee Alliance's technical working group has been actively reviewing the ZigBee security framework and seeking the best practices in the industry to stay ahead of evolving threats, so we welcome the analysis of this open standards team.
The ZigBee Alliance and its members take security very seriously. Our members develop standards and protocols to strike the appropriate balance between ease of use and secure interacTIon of devices to afford the greatest 'smart' funcTIonality with the least exposure.
We are aware of the report promoted from Black Hat, The risk described is small regarding a singular point in the iniTIal, out-of-the-box joining (when the homeowner is installing a new device) or when a device is re-joining The network after losing contact with its parent – ​​which is a few milliseconds of key exchange. The hack requires substanTIal knowledge and equipment and is unlikely to occur outside of the security community.
Security has to fit the application, and schemes are dictated by the resources at hand. It is very hard to enter a 16-digit passphrase into a light bulb when there is no keyboard or monitor. If a scheme is too expensive, too difficult to Install, or too time-consuming – consumers won't apply it.
ZigBee technology is created and implemented by some of the most successful companies in the world, all of which have access to the latest security schemes. Members of ZigBee Alliance technical working groups actively review the ZigBee security framework as well as industry best practices to stay ahead Of evolving threats, and therefore welcome this type of analysis as an open standards community.
About ZigBee Technology and the ZigBee Alliance:
ZigBee technology is a short-range, low-complexity, low-power, low-rate, low-cost two-way wireless communication technology. It is mainly used for data between various electronic devices with short distance, low power consumption and low transmission rate. Transmission and typical applications with periodic data, intermittent data and low response time data transmission.
The ZigBee Alliance is a non-profit organization that creates open global IoT standards for consumer, commercial and industrial applications. It has more than 400 member companies worldwide, covering chip suppliers, equipment manufacturers, televisions, telecom operators, and certification bodies. The various links of the industrial chain such as the large retail group have a major impact on the smart home and the entire Internet of Things industry. Board members include NXP Semiconductors, Comcast Cable, Freescale Semiconductor, Ai Chuang, Kroger, Langier, Legrand, Philips, Schneider, Core, Texas Instruments, IOT Sensing (Asian only Board members), SmartThings and other 13 world-renowned companies.
[Crazy PK] Hackers want to get into the ZigBee smart home, what do you think?
Oil Filter For ISUZU
ISUZU Oil Filter Replacement,Oil Filter For ISUZU Cars,ISUZU Car Oil Filter,ISUZU Auto Oil Filter
Zhoushan Shenying Filter Manufacture Co., Ltd. , https://www.renkenfilter.com