Zigbee AES Key Sniffing


[Travis Goodspeed] posted a preview of what he’s working on for this summer’s conferences. Last weekend he gave a quick demo of sniffing AES-128 keys on Zigbee hardware at SOURCE Boston. The CC2420 radio module is used in many Zigbee/802.15.4 sensor networks, and the keys have to be transferred to the module over an SPI bus. [Travis] used two syringe probes to monitor the clock line and the data line on a TelosB mote, which uses the CC2420. Now that he has the capture, he’s planning on creating a script to automate finding the key.

8 thoughts on “Zigbee AES Key Sniffing”

  1. There comes a point where the issue becomes physical security rather than software/electrical engineering style security.

    “Just a moment while I open up your home automation controller and/or hospital care appliance.”

  2. I gotta question… I think someone has this device around here. I saw my mouse moving on its own and deliberately clicking on icons on my computer… I unplugged my wireless Logitech keyboard receiver (after unplugging my cable modem and router) and the mouse stopped. Can’t stop this SOB from trying to take over my mouse, my only defense is just to use the wired keyboard? Or, is there something else I can do? Also, this idiot must be within what, 50 feet of me? Please advise…

  3. This raises some interesting questions about how to protect sensitive information such as AES keys, especially if they have to be stored in external devices.

    If you google around on ‘chip and pin’ hacking, you can see how the banking industry protects their secret Public/Secret keys with meshes and auto destructing battery backed up memory.

    Shame they don’t think that protecting the PIN that the user types in is so important….
