Killerbee

Hawaii International Conference on System Sciences/IEEE Computer Society: Api-do: Tools for Exploring the Wireless Attack Surface in Smart Meters

Security is critical for the wireless interface offered by soon-to-be-ubiquitous smart meters; if not secure, this technology provides an remotely accessible attack surface distributed throughout many homes and businesses. History shows, however, that new network interfaces remained brittle and vulnerable (although believed otherwise) until security researchers could thoroughly explore their attack surface.

Continue reading

KillerBee 2.0

KillerBee software is intended for students, researchers, engineers, and security professionals to use for evaluating the security of IEEE 802.15.4/ZigBee systems. River Loop is a leader in IEEE 802.15.4 and ZigBee security research and penetration testing, and is proud to contribute to the open-source and security community through the continued development of KillerBee along with other contributors.

Continue reading

Scapy dot15d4

Scapy dot15d4 is a IEEE 802.15.4 dissection/construction layer for the popular Scapy packet manipulation framework. Others have joined in to extend this to make it a leading tool for evaluating the security of IEEE 802.15.4/ZigBee systems.

Continue reading

USENIX Workshop on Offensive Technologies: Packets in Packets: Orson Welles’ In-Band Signaling Attacks for Modern Radios

Presents methods for injecting raw frames at Layer 1 from within upper-layer protocols by abuse of in-band signaling mechanisms common to most digital radio protocols. This packet piggy-backing technique allows attackers to hide malicious packets inside packets that are permitted on the network.

Continue reading

Hardware Security Training Talks: IEEE 802.15.4 Overview and TumbleRF Fuzzing

In this talk, we shared with the assembled group of hardware security professionals and students an introduction to IEEE 802.15.4 security and showed a few basic attacks, an intermediate attack, and then two examples of advanced techniques and research.

Continue reading

Troopers 18: Unifying RF Fuzzing Techniques under a Common API: TumbleRF

While fuzzing is known to be a powerful mechanism for fingerprinting and enumerating bugs within hardware and software systems, the application of this technique to wireless systems remains nontrivial due to fragmented and siloed tools. In this talk, we covered wireless fuzzing fundamentals and introduce a new tool to unify the approach across protocols, radios, and drivers and released a new open-source tool to assist.

Continue reading

ShmooCon '11: ZigBee Security: Find, Fix, Finish

Techniques for sniffing ZigBee packets have been presented, as have theoretical vulnerabilities in other types of wireless sensor networks, but this talk uses injection and intelligent packet generation to move towards real proof-of-concept attacks on 802.15.4/ZigBee networks.

We analyze which proposed wireless sensor network attacks actually work on ZigBee, and provide proof of concept implementations of theoretical attacks.

Continue reading