Korner Addresses Zigbee Security Flaws

Published: Mon, 31 August 2015

Researchers successfully exploited Zigbee Security flaws that would compromise Smart Home devices. According to Network World, researchers at Black Hat and Def Con identified vulnerabilities that could compromise poorly implemented Zigbee, which can otherwise be considered very strong and robust. The security is dependent on the secrecy of the encryption keys as well as their secure initialization and distribution of the encryption keys.

 Problems arise when vendors take short cuts to save time and money. As an example, Philips Hue light bulbs were dubbed “highly hackable” after a researcher injected malware into the Hue bridge and blacked out the lights. Because the bulbs constantly search for new devices to pair with they are easy to reset to factory defaults. On this specific issue, Korner only allows the Stick and Tags to be in pairing mode for a very short period of time during setup.
To avoid these types of issues, it is recommended at implementation to address the following: device tampering, key transport, key establishment, key rotation. Korner has been cognoscente of these issues from day 1, and is well positioned to defend against these vulnerabilities.

1) Korner doesn't send the network key in plain text

2) Korner doesn't use the default trust center key

3) Korner's master keys are never transmitted over the air

4) Korner rotates its network key

After all, home security is about more than just securing your front door…

Subscribe for Blog Updates

Leave a Reply

Your email address will not be published. Required fields are marked *