Zigbee AES key sniffing


[Travis Goodspeed] posted a preview of what he’s working on for this summer’s conferences. Last weekend he gave a quick demo of sniffing AES128 keys on Zigbee hardware at SOURCE Boston. The CC2420 radio module is used in many Zigbee/802.15.4 sensor networks, and the keys have to be transferred to the module over an SPI bus. [Travis] used two syringe probes to monitor the clock line and the data on a TelosB mote, which uses the CC2420. Now that he has the capture, he’s planning on creating a script to automate finding the key.

Comments

  1. fenix849 says:

    There comes a point where the issue becomes physical security rather than software/electrical engineering style security.

    “Just a moment while I open up your home automation controller and/or hospital care appliance.”

  2. burnliff says:

    shh, this will be useful for those with 00 status.

  3. dan says:

    Just out of interest, is Zigbee/XBee widely used in industry?

  4. Virgin media 50mbs says:

    Hi, I have a question; if you could reply in the comments it would be great.

    In the UK there is a cable company that is using 128 AES encryption on macs

  5. glonq says:

    It would be embarrassing to go to jail for this (hooray DMCA!) and have to tell the other inmates that you’re an “aes sniffer”.

  6. burnliff says:

    lol, aes sniffer

  7. Len says:

    I gotta question… I think someone has this device around here. I saw my mouse moving on its own and deliberately clicking on icons on my computer… I unplugged my wireless Logitech keyboard receiver (after unplugging my cable modem and router) and the mouse stopped. Can’t stop this SOB from trying to take over my mouse, my only defense is just to use the wired keyboard? Or, is there something else I can do? Also, this idiot must be within what, 50 feet of me? Please advise…

  8. mungewell says:

    This raises some interesting questions about how to protect sensitive information such as AES keys, especially if they have to be stored in external devices.

    If you google around on ‘chip and pin’ hacking, you can see how the banking industry protects their secret Public/Secret keys with meshes and auto destructing battery backed up memory.

    Shame they don’t think that protecting the PIN that the user types in is so important….
    Mungewell.
