PHOENIX, Aug. 7, 2019 /PRNewswire/ -- Bishop Fox, the largest private professional services firm focused on offensive security testing, has developed a new open-source hacking tool called ZigDiggity to evaluate the security of ZigBee networks used in home security systems and other Internet of Things (IoT) products. Francis Brown, Chief Technology Officer at Bishop Fox, and Matthew Gleason, Senior Security Associate, presented their research, "ZigBee Hacking: Smarter Home Invasion with ZigDiggity," today at the 2019 Black Hat Arsenal. It will also be presented at the DEF CON 27 Demo Lab on August 11.
At Black Hat, Brown and Gleason demonstrated how easy it was to break into several major companies' home security systems, to stop the sensors from sending an alert to the alarm and to unlock the front door (smart locks are connected to many people's security systems). How? Many home security systems use ZigBee to provide simple wireless communication between devices (i.e. low power/traffic, short distance) to send signals from the sensors (on door and window magnets) to the alarm. As ZigBee continues to grow in popularity in all types of Internet of Things products, security concerns around these products are growing as well.
"Unfortunately, existing ZigBee hacking solutions have fallen into disrepair. They have barely been maintained, let alone improved upon, which has left pentesters without a practical way to evaluate the security of ZigBee networks," said Brown. "Companies that want to ensure the security of their ZigBee enabled products and systems need ZigDiggity," added Gleason.
Last year, Brown and his team introduced ZigDiggity as "a proof of concept" at Black Hat to show how it could work. With the introduction this year of the open-source tool, Bishop Fox has created the new weapon of choice for testing products that use ZigBee communication. Click here to get the download instructions for ZigDiggity.
About Bishop Fox
Bishop Fox is the largest private professional services firm focused on offensive security testing. Since 2005, the firm has provided security consulting services to the world's leading organizations — working with over 25% of the Fortune 100 — to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments. In February 2019, Bishop Fox closed $25 million in Series A funding from ForgePoint Capital, which will allow the company to continue to grow its research capabilities and develop next generation offensive security technologies. The company is headquartered in Phoenix, AZ and has offices in Atlanta, GA; San Francisco, CA; New York, NY; and Barcelona, Spain.
SOURCE Bishop Fox