Zigbee is an energy-efficient wireless IoT protocol that is increasingly being deployed in smart home settings. In this work, we analyze the privacy guarantees of the Zigbee protocol. Specifically, we present ZLeaks, a tool that passively identifies in-home devices or events from encrypted Zigbee traffic by 1) inferring a single application layer (APL) command in the event's traffic, and 2) exploiting the device's periodic reporting pattern and interval. This enables an attacker to infer a user's habits or determine if the smart home is vulnerable to unauthorized entry. We evaluated ZLeaks' efficacy on 19 unique Zigbee devices across several categories and 5 popular smart hubs in three different scenarios: a controlled RF shield, a living smart-home IoT lab, and third-party Zigbee captures. We were able to i) identify unknown events and devices (without a priori device signatures) using the command inference approach with 83.6% accuracy, ii) automatically extract devices' reporting signatures, iii) determine known devices using the reporting signatures with 99.8% accuracy, and iv) identify APL commands in a public capture with 91.2% accuracy. In short, we highlight the trade-off between designing a low-power, low-cost wireless network and achieving privacy guarantees. We have also released the ZLeaks tool for the benefit of the research community.
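To see how much the second channel named above (periodic reporting pattern and interval) exposes in a capture of your own network, the sketch below checks which sources emit fixed-length frames at a stable interval. It is an added example, not code from ZLeaks or the paper; the record layout, addresses, lengths, intervals and the 5% tolerance are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed metadata: (timestamp in seconds, source short address, frame length in bytes).
# Only fields assumed visible without the network key are used; payloads are never read.
def make_sample():
    frames = []
    # Hypothetical sensor 0x1A2B: 45-byte report every ~300 s with slight jitter.
    for i, jitter in enumerate([0.0, 0.4, -0.3, 0.2, -0.1, 0.3]):
        frames.append((i * 300 + jitter, 0x1A2B, 45))
    # Same sensor: irregular, user-triggered event frames.
    for t in (130.0, 410.5, 1299.0):
        frames.append((t, 0x1A2B, 52))
    # Hypothetical plug 0x3C4D: 50-byte report every ~60 s.
    for i in range(8):
        frames.append((5 + i * 60 + (0.2 if i % 2 else -0.2), 0x3C4D, 50))
    return sorted(frames)

def periodic_signatures(frames, min_reports=4, tolerance=0.05):
    """Return {src: [(frame_len, interval_s), ...]} for stable periodic streams."""
    times = defaultdict(list)
    for ts, src, length in frames:
        times[(src, length)].append(ts)
    found = defaultdict(list)
    for (src, length), stamps in sorted(times.items()):
        if len(stamps) < min_reports:
            continue  # too few frames of this length to call it a pattern
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Periodic if every gap stays within `tolerance` of the median gap.
        if mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps):
            found[src].append((length, round(mid)))
    return dict(found)

if __name__ == "__main__":
    for src, sigs in periodic_signatures(make_sample()).items():
        for length, interval in sigs:
            print(f"0x{src:04X}: {length}-byte frame every ~{interval} s")
```

Any source listed here presents a stable (length, interval) pair to a passive listener even though its payloads are encrypted.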