Although the Zigbee protocol implements the Advanced Encryption Standard (AES), the initial key exchange is not protected against sniffing. The network keys are often exchanged in plaintext or are encrypted using the default factory key. Consequently, an attacker who sniffs the initial exchange of packets can obtain the network key and thereby gain access to the entire network. The difficulty with this type of attack is that the key exchange occurs only when a new node registers with the network; after this initial exchange, all packets are encrypted. The trick for these types of attacks is forcing the network to enter an initialization state. This can be accomplished by creating RF interference that results in dropped packets. After a certain number of dropped packets, a wireless node concludes that it has lost its connection to the network and tries to reconnect; when this occurs, the network key can be sniffed. These types of attacks have been carried out by a large number of security researchers [6, 7, 8, 9,
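From the defender's side, the two observable signs of the scenario above are a network key transported in the clear (or under the default factory key) and a burst of re-join attempts from one node, which is what interference-forced re-initialisation looks like at the coordinator. The following audit routine is an added example, not code from the paper; the event records, their field names (`t`, `type`, `node`, `encrypted`, `key_id`), the label `default-factory` and the thresholds are assumptions about how a coordinator or sniffer log might be normalised.

```python
"""Audit normalised Zigbee join/key-transport events for the weaknesses described
above: (1) a network key transported unencrypted or wrapped with the default
factory key, and (2) a re-join burst that suggests a node was forced off the
network. Field names, labels and thresholds are assumptions for this example."""
from collections import defaultdict

DEFAULT_KEY_ID = "default-factory"   # assumed label the logger gives the factory key
REJOIN_THRESHOLD = 3                 # re-joins from one node that trigger a finding
REJOIN_WINDOW_S = 60                 # sliding window, in seconds


def audit_events(events):
    """Return a list of (timestamp, finding) tuples, in time order."""
    findings = []
    rejoins = defaultdict(list)      # node -> timestamps of recent re-joins
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "transport_key":
            # Key material should never travel in the clear or under a well-known key.
            if not ev.get("encrypted"):
                findings.append((ev["t"], f"{ev['node']}: network key sent in the clear"))
            elif ev.get("key_id") == DEFAULT_KEY_ID:
                findings.append((ev["t"], f"{ev['node']}: network key wrapped with default factory key"))
        elif ev["type"] == "rejoin":
            # Keep only re-joins inside the window, then check whether the burst threshold is hit.
            window = [t for t in rejoins[ev["node"]] if ev["t"] - t <= REJOIN_WINDOW_S]
            window.append(ev["t"])
            rejoins[ev["node"]] = window
            if len(window) == REJOIN_THRESHOLD:
                findings.append((ev["t"], f"{ev['node']}: {REJOIN_THRESHOLD} re-joins within {REJOIN_WINDOW_S}s"))
    return findings


# Constructed sample events (not captured traffic); node ids are placeholders.
SAMPLE_EVENTS = [
    {"t": 0,   "type": "rejoin",        "node": "0x1a2b"},
    {"t": 20,  "type": "rejoin",        "node": "0x1a2b"},
    {"t": 45,  "type": "rejoin",        "node": "0x1a2b"},
    {"t": 46,  "type": "transport_key", "node": "0x1a2b", "encrypted": True, "key_id": "default-factory"},
    {"t": 300, "type": "transport_key", "node": "0x3c4d", "encrypted": False},
    {"t": 500, "type": "rejoin",        "node": "0x3c4d"},
]

if __name__ == "__main__":
    for ts, msg in audit_events(SAMPLE_EVENTS):
        print(f"t={ts:>4}s  {msg}")
```

A single re-join is normal device behaviour; only the combination of a burst followed by a weakly protected key transport is a strong signal.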