New Replay Attacks on ZigBee Devices for Internet-of-Things (IoT) Applications
Mohammad Shafeul Wara, Qiaoyan Yu
Abstract
The ZigBee wireless technologies have been widely applied in Internet of Things (IoT) applications. Among all identified security threats, replay attack is one of the major challenges. Although the firmware and authentication algorithms for ZigBee devices are being updated over the time, the security measures for ZigBee enabled IoT devices cannot efficiently thwart all replay attacks. As new sniffing devices are available on the market, new replay attacks will further challenge the integrity of the communication between ZigBee devices. This work proposes a new replay attack to reveal the security vulnerabilities of the existing commercial ZigBee devices, Phillips Hue bulbs and Xbee S1 and S2C modules. Two case studies performed in this work confirm that the proposed replay attack can successfully transmit the captured packets to the victim device in spite of the built-in countermeasures.