The Security Weakness of Smart Buildings: KNX and Zigbee Networks


E-Security reports on April 1st that people are increasingly living and working in “smart” buildings, relying on automated processes to control heating, ventilation, air conditioning, lighting, security, and other operational systems. Are these systems capable of withstanding cyber attack threats?

A research team from Tencent Security is preparing for the upcoming Hack in the Box conference in April, where they will showcase the security weaknesses of smart buildings. The team states that the security issues of smart building devices have not received sufficient attention, and they hope to raise awareness of the security risks associated with smart buildings.


Infiltrating KNX and Zigbee Networks

The Tencent Blade team researchers have focused on KNX technology and propose a new attack method that can take control of KNX network components and manipulate them.

  • KNX is the world’s only open standard for smart building control. It is a European bus technology and communication protocol for building automation networks, used in large public spaces (including stadiums, hotels, airports, etc.) and industrial facilities. KNX is manufacturer-independent and application-independent: bus devices (sensors/actuators) connect building management devices to the KNX medium to exchange information, enabling unified system control, monitoring, and signal transmission without the need for an additional control center.

  • Zigbee is an emerging short-range, low-rate, low-power wireless network technology primarily used for close-range wireless connections. It has its own protocol standards and coordinates communication among thousands of tiny sensors. These sensors need very little energy to relay data from one sensor to another via radio waves, making communication highly efficient. The protocol is widely used in home automation systems.

During validation tests, these researchers attacked a hotel and successfully controlled the lighting, air conditioning, curtains, and other devices within the target hotel. The team stated in an interview that this type of attack requires physical access to the KNX device cabling in the room, which is used to exploit the KNX gateway and reach the KNX network within the room. They completed this attack using KNX ETS software and various KNX security testing tools.

By analyzing the KNX protocol, the researchers found that it is possible to modify the KNX/IP router configuration via a wired network without accessing the relevant WiFi network or external network.

Several methods are currently available to defend against such attacks: better KNX network isolation design, using the latest version of the KNX protocol, adopting new security encryption mechanisms, and avoiding exposed KNX cabling in areas easily accessible to outsiders.


Automatic Scanning and Attacks on Zigbee Networks

The researchers also tested a large number of related devices that communicate using the Zigbee protocol and discovered multiple security vulnerabilities. Most devices are still using older protocol versions; devices using the new version (v3.0) are pre-configured with a universal link key for installation to ensure compatibility with other widely used Zigbee devices. Additionally, most devices rely on a network key to ensure the security of communication content.

The researchers developed a tool called ZomBee, which can automatically scan and attack Zigbee networks. The tool runs on a Raspberry Pi, automatically scans every Zigbee channel in the vicinity of Zigbee devices, and launches attacks via broadcast packets.

Although users can disable network access to the Zigbee gateway after pairing Zigbee devices to prevent such attacks, manufacturers need to consider implementing more security mechanisms. Furthermore, the researchers recommend that device manufacturers adopt stronger Zigbee encryption keys and use secure encryption algorithms at the Zigbee application layer.
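The Zigbee weaknesses and recommendations above can be turned into a simple inventory audit. The following is an added example, not code from the researchers or from E-Security: the `Device` and `Gateway` records, the finding codes, the sample inventory and the weak-key heuristic are all assumptions made for illustration, while the default link key value is the publicly documented "ZigBeeAlliance09".

```python
from dataclasses import dataclass, field

# Publicly documented default Trust Center link key shared by Zigbee devices.
DEFAULT_TC_LINK_KEY = b"ZigBeeAlliance09"

@dataclass
class Device:                      # hypothetical inventory record
    name: str
    zigbee_version: str            # e.g. "1.2" or "3.0"
    link_key: bytes                # key used when the device joins
    app_layer_crypto: bool         # application-layer encryption enabled?

@dataclass
class Gateway:                     # hypothetical gateway record
    permit_join: bool              # joining still open after pairing?
    devices: list = field(default_factory=list)

def _version(v):
    return tuple(int(p) for p in v.split("."))

def weak_key(key):
    # Assumed heuristic: wrong length or very few distinct bytes.
    return len(key) != 16 or len(set(key)) < 8

def audit(gw):
    """Return (subject, finding) pairs for the weaknesses the article lists."""
    findings = []
    if gw.permit_join:
        findings.append(("gateway", "JOIN_OPEN"))
    for d in gw.devices:
        if _version(d.zigbee_version) < (3, 0):
            findings.append((d.name, "LEGACY_PROTOCOL"))
        if d.link_key == DEFAULT_TC_LINK_KEY:
            findings.append((d.name, "DEFAULT_LINK_KEY"))
        elif weak_key(d.link_key):
            findings.append((d.name, "WEAK_LINK_KEY"))
        if not d.app_layer_crypto:
            findings.append((d.name, "NETWORK_KEY_ONLY"))
    return findings

# Constructed sample inventory (not real devices or keys).
SAMPLE = Gateway(permit_join=True, devices=[
    Device("lobby-light", "1.2", DEFAULT_TC_LINK_KEY, False),
    Device("room-hvac", "3.0", DEFAULT_TC_LINK_KEY, False),
    Device("door-sensor", "3.0",
           bytes.fromhex("9f1c37a2e48b05d6617ac3f20b58ed94"), True),
    Device("curtain", "3.0", bytes(16), True),
])

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject:12} {finding}")
```
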

Differences Between KNX and Zigbee

  • In terms of stability, bus communication is always more stable than wireless communication;

  • In terms of intervention stages, bus technology needs to be involved from the design stage, while wireless technology can be introduced at any time;

  • In terms of control functions, bus technology is richer, while wireless technology has simpler functions;

  • From a development perspective, wireless technology has developed a significant market over more than ten years.

KNX is truly a European standard, an international standard, a Chinese standard, and an American standard. KNX has been in China for nearly ten years, a relatively short period, but has made significant progress. Many large building intelligent lighting systems now use KNX bus for control, such as those from Siemens, Schneider, ABB, and other manufacturers’ KNX control systems.

Zigbee is a wireless communication technology. Unlike KNX, its standardization process is not as mature, and the development of EnOcean passive wireless technology has had a significant impact on it.

Note: This article is compiled and reported by E-Security. Please indicate the original source when reprinting.

https://www.easyaq.com/news/407947340.shtml
