http://www.wuliannanjing.com 2015年09月15日        

  前不久,在拉斯维加斯的2015黑帽子大会上, Cognosec 公司发布了一篇论文,指出在 ZigBee 协议实施方法中的一个缺陷。该公司称该缺陷涉及多种类型的设备,黑客有可能以此危害 ZigBee 网络,“接管该网络内所有互联设备的控制权”,随意操控联网门锁、报警系统,甚至开关灯泡等。








  The ZigBee Alliance and its members take security very seriously. Our members develop standards and protocols to strike the appropriate balance between ease of use and secure interaction of devices to afford the greatest ‘smart’ functionality with the least exposure.

  We are aware of the report prmoted from Black Hat, The risk described is small regarding a singular point in the initial, out-of-the-box joining (when the homeowner is installing a new device) or when a device is re-joining the network after losing contact with its parent – which is a few milliseconds of key exchange. The hack requires substantial knowledge and equipment and is unlikely to occur outside of the security community.

  Security has to fit the application, and schemes are dictated by the resources at hand. It is very hard to enter a 16-digit passphrase into a light bulb when there is no keyboard or monitor. If a scheme is too expensive, too difficult to install, or too time-consuming – consumers won’t apply it.

  ZigBee technology is created and implemented by some of the most successful companies in the world, all of which have access to the latest security schemes. Members of ZigBee Alliance technical working groups actively review the ZigBee security framework as well as industry best practices to stay ahead of evolving threats, and therefore welcome this type of analysis as an open standards community.

阅读技巧:键盘方向键 ←左 右→ 翻页