
IoT Goes Nuclear: Creating a ZigBee Chain Reaction - cobookman
http://iotworm.eyalro.net/
======
1propionyl
Clearly, absolutely no one saw this coming, nor did anyone warn us. :-)

How else do you explain how woefully unprepared we are?

~~~
oldmanjay
It's a little hard to distinguish worthwhile warnings from the near-constant
din of finger-wagging

~~~
tptacek
What's great about this argument is how versatile it is. Climate change got
you down? How about deforestation, or antibiotic overuse? Tired of people
telling you not to write web applications in C? Your one liner seamlessly
shuts down discussion in any of those debates!

In fact: the finger-waggers have been right about this issue since
approximately 1988, when Paul Graham's friend shut down much of the Internet
with a tiny C program that shouldn't have been possible to write back then,
but is in fact still possible to write in 2016.

~~~
jlgaddis
Fortunately, folks "woke up" a bit as a result of that event (granted,
security wasn't really a concern at that time). Unfortunately, it was
relatively quickly forgotten and it took another 10-15 years before security
_really_ became something that was looked at as anything other than an
inconvenience or an impediment.

I'm becoming more and more convinced that nothing is going to change (with
regard to overall security in general) until we have some huge event that
negatively impacts a large portion of the population in a major way. Until
then, things will continue as they are, and security won't be taken seriously.

I'm ready for the 2016 version of the 1988 sendmail worm (or perhaps something
with the "average user"-visible impact of the 1990 AT&T crash), just to "get
it over with" and get us moving forward.

~~~
rhizome
The lack of liability changes in the wake of the Target breach (at the very
least) means that companies can foist whatever security model they feel like
upon the market without any possible repercussions. You basically have to be
VW compromising a highly regulated industry for there to be any negative
effects beyond PR, and internet-accessible data is so far completely
unregulated.

~~~
the_unknown
And even then the benefits to ignoring the warnings for companies is still
pretty powerful. VW may have been caught and punished in the US but here in
Canada they are still dragging their feet with any mention of compensation to
victims and our courts are letting them.

"We can't keep driving these and feel good about ourselves. So something needs
to be done and I just want an answer.… It's not about the initial mistake —
it's what you do to make things better."
[http://www.cbc.ca/news/canada/toronto/vw-
emissions-1.3708372](http://www.cbc.ca/news/canada/toronto/vw-
emissions-1.3708372)

------
IshKebab
Wait Hue doesn't use asymmetric keys to sign its firmware updates?

~~~
Dylan16807
Right. Using "standard cryptographic techniques" is not sufficient when you
are using the wrong technique for the job.

~~~
ChuckMcM
I had a discussion once, back when I was wearing a crypto hat, which went like
this:

Me: "Yes triple-DES is reasonably secure, how do you exchange keys?"

Them: "That is part of the connection setup."

Me: "Great, how do you protect the keys during setup?"

Them: "What do you mean?"

Me: "What form of encryption do you use when you're doing the setup, and
sending over the keys?"

Them: "Well we really can't encrypt the setup part, after all we haven't even
set up a connection yet."

Me: "Ok, and thanks. Now move along, we'll call you..."

~~~
timlyo
Trying to learn some more about crypto, what sort of answer would you be
looking for? Would Diffie-Hellman be appropriate?

~~~
ChuckMcM
Yes (and no). Asymmetric which is based on key pairs (generally one public and
one private) allow you to pass around a key that can be intercepted without
compromising your ability to communicate securely using the key your didn't
pass around. That said, it is always important to be attuned to whether or not
those keys can be compromised by "brute force" or through a weakness.

So the vendor who is thinking about it, would have told me about their public
key system which is used in the initial transfer to protect the secrets. Then
they would have described how they can upgrade and change keys over time as
attackers gain the upper hand on various bit lengths, and how the elements of
their system that depend on randomness, do so without being susceptible to a
birthday attack or an algorithm attack on their PRNG.

When they do that, I know they've been thinking seriously about how such
systems are built and deployed and there is some hope that doing the do
diligence "deep dive" will show me a solid system.

~~~
t0mas88
And one part that is often forgotten: How to authenticate the other side.

Without authentication asymmetric encryption is still useless, because someone
could man-in-the-middle your key exchange, swap out the public key that is
sent both ways and make either side think they now have a secure channel with
each other while in reality they have a secure channel with the man in the
middle.

So the challenge is that they'll need some equivalent of what in the HTTPS
world would be a Certificate Authority. For which you'll have the same kind of
update/upgrade path questions that you very rightfully ask for the key
lengths.

~~~
ChuckMcM
Very true. Early on in Java's gestation I was building into it a full
capabilities system for security. One of the challenges of loading classes
which provided export proscribed encryption capability was having the JVM
authenticate the class, and having the class authenticate the JVM it was being
loaded in to.

Of course not all situations need that, but understanding what the endpoints
are trying to achieve and how that objective could be compromised by an
attacker will inform on which identities must be established, and to whom, in
order to achieve that objective.

------
M_Grey
Like being "blindsided"... by a steamroller... from 20 miles away. Then again,
"Disaster in slow motion" seems to be the order of the day, from economics to
climate.

------
revelation

      global AES-CCM key that Philips uses to encrypt and authenticate new firmware
    

Who on earth _authenticates_ firmware through AES. Even Sony realizes that
doesn't work.

(I can already imagine how the idiots fixed this: by drawing another set of
bytes for a new "authentication" key..)

~~~
aruss
It's theoretically sound with a good HSM. But agreed, I'd rather rely on
getting a sound software implementation of an asymmetric signature scheme than
rely on protecting a symmetric key with hardware.

------
ekux44
Philips may have fixed the vulnerability in an update, but that's insufficient
if these devices don't have high update rates.

I wonder how many years until there are fewer than 15000 vulnerable Hue
devices in Paris...

We should hold manufacturers accountable for not aggressively pushing security
updates on their users.

~~~
mivok
Hue forces updates on you every time you go into the app if there's one
available, and you can't use the app until you've updated. Granted this isn't
ideal if you primarily use your light switch or an amazon echo to control the
lights, and fully automatic updates would probably be better, but it comes
pretty close to aggressively pushing updates.

~~~
ekux44
I use my Hue lights daily, but I haven't opened the official app in years
thanks to 3P apps & Philips's own Zigbee switches.

~~~
WorldMaker
I am very happy that my preferred third party app (Huetro, which runs on just
about every device the UWP supports) checks for updates for me (and is kind
enough not to nag about it but make it clear when one is available) because I
never open the official app anymore (but as this article points out do need to
keep things updated).

------
ams6110
If you are silly enough to think that your light bulbs need to connect to the
internet or to each other, you deserve what you get.

I'm glad I bought up a stockpile of incandescents before they were banned.

~~~
adt2bt
I get your point about internet connected light bulbs, but is there a
particular reason you selected incandescents over other more energy efficient
bulbs that don't have IoT capabilities?

~~~
algesten
the quality of light from your average energy bulb is typically terrible. I
like warm light and whilst I know I can't see infra-red frequencies I want to
see a concentration of light towards that end of the spectrum. It just makes
for a much more relaxed feeling.

I stockpiled too. and I have dimmers on pretty much every lamp (including the
toilet), so the bulbs last for a very long time. when you don't burn them on
full wattage they last much much longer.

~~~
adrianN
They make warm-light LED bulbs.

~~~
AnthonBerg
The perceived color temperature of the light is not the main issue in light
quality, but rather the smoothness of the frequency composition of the light.
Cheap LED bulbs have a "gappy" spectrum. "High CRI" bulbs are probaably what
the OP is looking for.

------
user5994461
Everything will be fine =)

It's not even possible to get two ZigBee products from different manufacturers
to operate (like a switch and a lamp).

The attack can't succeed at what the industry's been failing for 10 years.

~~~
runeks

       > It's not even possible to get two ZigBee products from 
       > different manufacturers to operate (like a switch and a  
       > lamp).
    

It may require a distinct payload for each type of device/software, but it
should be possible. You start by infecting a group of devices of one type with
a specific payload, and from there see which other types of devices are in
range, and either carry the required payloads with you or fetch one over a
nearby wifi.

And indeed, if someone were to implement this, they would basically have built
a standard ZigBee inter-device communication protocol, by using existing
software features (bugs), in otherwise incompatible devices.

This is not too far off from something like Stuxnet, so -- given enough
available capital -- it should be possible.

~~~
vanderZwan
> _And indeed, if someone were to implement this, they would basically have
> built a standard ZigBee inter-device communication protocol, by using
> existing software features (bugs), in otherwise incompatible devices._

I was indeed half-joking, half-serious. Actually, aren't there cases where
viruses (the biological kind) have ended up serving a function in the DNA
machinery of multi-cellular life-forms? Would be a funny parallel.

------
alanh
My work is blacklisting this domain (eyaltro.net) for malware — this URL works
for me: [http://colinoflynn.com/iotworm/](http://colinoflynn.com/iotworm/)

(Is it the same content?)

~~~
bbvnvlt
Yes.

------
supergeek133
Did they detail if they heard anything back from Atmel? Or did they reach out
to the Zigbee alliance? I'm reading through the paper and haven't found it
yet. Only that they heard from Philips.

This is also why you're starting to see more and more devices opt to a
completely device to cloud infrastructure instead of local communication. More
control of the stack on device and in the air.

~~~
cryo
There is a official statement now

[http://www.zigbee.org/zigbee-alliance-statement-on-
security/](http://www.zigbee.org/zigbee-alliance-statement-on-security/)

~~~
supergeek133
Thanks.

------
Ar-Curunir
Something cool: The Shamir here is the Shamir of RSA fame.

~~~
mkj
Obviously he's just bitter they didn't use his cryptosystem ;)

------
mancerayder
I see complaints about compatibility with Zigbee, and security holes like
this.

What's the right protocol to use that doesn't have horrible vendor lock-in?
ZWave has some chip licensing requirement, doesn't it?

------
davimack
Domain gets tagged as distributing malware by my work's security system, FYI.
Dunno what list it's gone on, but it's there.

~~~
toomuchtodo
[http://archive.is/gRSfN](http://archive.is/gRSfN)

~~~
cordite
This too is not immune. I get it here too.

~~~
jakobdabo
Well, the HTML contains some very shady (encoded and obfuscated) JavaScript
code.

If you want to investigate further replace the "return r;" in the very end of
those two "evals" with "console.log(r);" then get the decoded code from the
browser's console. Then run through code beautifier (built-in in Firefox JS
debugger) to get readable code. But there are more code obfuscations later,
though easy to reverse but I don't have the time right now.

~~~
bpicolo
OpenDNS blocks the domain it looks like

~~~
ep3998
There is what looks like another site hosted by the other person who partnered
on this: [http://colinoflynn.com/iotworm/](http://colinoflynn.com/iotworm/)

------
kodfodrasz
Nuclear does not mean chain reaction.

I hate these catchy titles.

~~~
mvindahl
Yeah, if it works (which I'm not even sure that it would), it would bear a lot
of resemblance to a computer virus and no resemblance at all to a nuclear
bomb.

~~~
kodfodrasz
Nuclear does not necessarily mean a bomb It mean something in the (atomic)
nuclei or related to these. Forces, reactions, particles, etc.

Surely chain reaction is a member of this set, but not the only thing. Sure,
most nuclear devices we hear about use the chain reaction (power plants,
bombs), but an x-rax machine is also somewhat a nuclear device.

Sometimes we even induce neutron capture, which is the opposite of chain
reactipn (afaik to create some special isotopes, or to start/sustain a chain
reaction).

------
SEJeff
And this is why we can't have nice things :(

