Hacker News

This may not be much of an attack. The master key is used only during "commissioning", when a controller is introduced to a light. Then they exchange keys, and the random key generated by the controller is sent to the light, encrypted with the master key. The light then stores the controller key. The controller and light must be physically close for this to work.[1]

Once you've done that, it's difficult to reset a light to factory defaults. There's a program called "LampStealer" which does this, but the controller and lamp have to be brought very close together, and even then it doesn't always work.

Some devices can be reset by connecting to the Zigbee bridge with Telnet on port 30000, then typing various simple commands. That's a bigger worry than a leak of the master key.

[1] https://docs.zigbee.org/zigbee-docs/dcn/12/docs-12-0255-01-0...




It's worth noting that for the port 30000 Telnet interface (at least on the Philips Hue bridge), it also needs to be physically close for it to work. In fact, this is how LampStealer works - it sends the command to the bridge over TCP.


How does it enforce requiring close proximity?


By very weak transmission power, probably.


True, but it does allow snooping of the commissioning process. And now it may allow easier factory resetting of ZLL devices by having a custom user device join the ZLL network. It could also mean some cheap unauthorized lights and remotes/accessories appearing in loosely regulated markets which would be compatible with major systems like Hue.


Thank you - I had just posted questions to all your answers (deleted now) :)

The #DIY hashtag in the tweet implies that this is less about security than about allowing custom base stations to be built.


Some bulbs have a reset function built in, triggered by cycling the power. I believe that for GE bulbs it's 3 sec off, 3 sec on, repeated a couple of times.



