Zigbee Hacking: Smarter Home Invasion with ZigDiggity

Existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.

In this video, learn how to use ZigDiggity, a handy tool for pen testers.

Transcript

Welcome to smarter home-invasion with ZigDiggity, the new ZB penetration testing toolkit from Bishop Fox. First we scan for nearby ZigBee wireless networks once we see a device whose behavior resembles that of a lock. We perform a ZigBee insecure rejoin attack to join their network and extract the network key, so that we can attack the lock and the controller directly. Next, the pan ID conflict gets rid of the real controller. Finally, we send a signal to unlock the lock. We continue to perform a Zigbee ACK attack against the door sensors. This is why the alarm is not triggering even though the system is armed, and we clearly have the door open. Thank you.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.