An Innovative 0-Day Attack against ZigBee: Exploitation and Protection System Analysis

Ivan Vaccari;Maurizio Aiello;Enrico Cambiaso
2021-01-01

Abstract

Internet of Things networks represent an emerging phenomenon bringing connectivity to common sensors. Due to the limited capabilities and to the sensitive nature of the devices, security assumes a crucial and primary role. In this paper, we report an innovative and extremely dangerous threat targeting networks. The attack is based on Remote AT Commands exploitation, providing a malicious user the possibility to reconfigure or disconnect sensors from the network. We present the proposed attack and evaluate its efficiency by executing tests on a real network. Results demonstrate how the threat can be successfully executed and how it is able to focus on the targeted nodes, without affecting other nodes of the network. Moreover, we developed an innovative protection system able to detect and protect the devices from this innovative threat. Also, the protection system and the attack tool implemented are tested and validated on a real network by using the XBee module, a wireless module adopted to implement and instantiate a ZigBee network. The proposed protection system aims to verify if devices are able to communicate on the network when the attack is running. In this case, just before the sensor is ready to communicate on the network, an internal check is accomplished directly by the device: if needed, an additional reconfiguration is accomplished, in order to restore connectivity of the node and mitigate the threat. The results of this work are very interesting since, if executed against a real network, the Remote AT Command attack could create huge damage to companies and networks.
2021
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
978-93-90768-08-0
zigbee
iot
security

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/421001