ZigBee's wireless security flaws threaten IoT devices
Cognosec's Tobias Zillner [R] and Sebastian Strobl [L], whose research uncovered the ZigBee vulnerability
The ZigBee wireless communications specification used by many Internet of Things (IoT) devices contains critical security flaws, IT firm Cognosec has claimed.
Speaking at the Black Hat USA conference in Las Vegas recently, Cognosec senior IS auditor Tobias Zillner named the principal security risks in ZigBee implementations, revealed which devices are affected by them and demonstrated practical exploitations of actual product vulnerabilities.
Conducting real-world assessments on identified vulnerabilities, Cognosec found that it is possible to compromise ZigBee networks and thereby take control of connected devices on a network. Smart home devices such as lights, motion sensors, temperature sensors and even door locks, for example, could be compromised via such vulnerabilities, Zillner warned.
First standardised in 2003, the ZigBee specification was developed to enable secure wireless communication for a range of IoT devices; however, low per-unit costs, interoperability and compatibility requirements, along with the application of legacy security concepts, have resulted in persistent known security risks, said Zillner.
"The key to communicating between devices on a ZigBee network is the usage of 'application profiles'. ZigBee home automation profiles permit a series of device types to exchange control messages to form a wireless home automation application," Zillner explained in his Black Hat presentation. "These devices are designed to exchange well-known messages to effect control, such as turning a lamp on or off, sending a light sensor measurement to a lighting controller, or sending an alert message if an occupancy sensor detects movement."
Vendors wanting a device to be compatible with certified devices from other manufacturers have to implement the standard interfaces and practices of this profile, Zillner added: "However, the use of a default link key introduces a high risk to the secrecy of the network key. As the security of ZigBee is reliant on the secrecy of the key material - and therefore on the secure initialisation and transport of the encryption keys - this default fallback mechanism has to be considered as a critical risk."
As a result, the ZigBee specification "requires that an insecure initial key transport has to be supported, making it possible to compromise ZigBee networks, and take control of all connected devices on the network," Zillner argued. The practical security analysis of devices Cognosec assessed indicated that the solutions are designed for easy set-up and usage, "but lack configuration possibilities for security, and [also] perform a vulnerable device pairing procedure that allows external parties to 'sniff' the exchanged network key... This represents a critical vulnerability, as the security of the solution is reliant on the secrecy of this network key".
One use case Zillner highlighted was that of external parties gaining control over home automation systems, which have high privacy requirements and, as such, can be a source of personalised data. Cognosec's tests with light bulbs, motion and temperature sensors and door locks also showed that the vendors of the tested devices implemented only the minimum of the features required to be certified; no other options to raise the level of security were implemented and made available to the end user, the company asserted.
“The shortcomings and limitations we have discovered in ZigBee have been created by [vendors wanting] to create the latest and greatest products – which these days means they are likely to be Internet-connected,” according to Cognosec's Zillner. “Simple units such as light switches have to be compatible with a host of other devices and [therefore] little consideration is made to security requirements – most likely to keep costs down.”
Cognosec has published its findings in a ZigBee security white paper.