Monday, August 3, 2009

2nd Gen Zigbee Hack Method Revealed at Black Hat 09

Zigbee is an enabling technology for energy management products in the home. Assuming security analyst Travis Goodspeed's work is solid, you don't have to be a security expert to get the gist of his conclusions about a popular Zigbee device:

"This paper has shown that all Chipcon radios at the time of publication are vulnerable to key theft because of unprotected Data memory. Further, as all popular 8051 compilers place even constants in Data memory for performance reasons, it can be assumed that all products which were shipped prior to the authorship of this paper are vulnerable. Extracting a key is as simple as connecting a debugger, erasing the chip, then freely reading the contents of RAM. Further, as the competing radios from Ember offer even less security, the tamper resistance of wireless sensors should perhaps be considered forfeit by default."

Here's the paper he just presented in Vegas.