An Innovative 0‐Day Attack against ZigBee: Exploitation and Protection System Analysis

Internet of Things (IoT) networks are a new phenomenon that connects everyday sensors. Because of the devices’ limited functionality and sensitive existence, protection is a critical and primary concern. We present a novel and highly dangerous challenge to IoT networks in this paper. The attack is based on the use of Remote AT Commands, which allows a malicious user to reconfigure or isolate IoT sensors from the network. We demonstrate the proposed attack and assess its effectiveness by running tests on a real IoT network. The results show how the threat can be implemented effectively and how it can concentrate on the targeted nodes. without disrupting the network’s other nodes Furthermore, we created a cutting-edge security system that can detect and defend devices from this novel attack. Also, using the XBee module, a wireless module used to implement and instantiate ZigBee networks, the security mechanism and attack tool implemented are checked and validated on a real network. When the attack is active, the proposed security scheme checks to see whether devices can interact on the network. In this scenario, just before the sensor is ready to interact on the network, the IoT system performs an internal check: if necessary, an additional reconfiguration is performed to restore the node’s connection and minimise the danger. The findings of this study are intriguing since, if used against a real network, the Remote AT Command attack could cause significant harm to businesses and networks.

Author(s) Details

Ivan Vaccari
Consiglio Nazionale delle Ricerche, IEIIT institute (CNR-IEIIT), Genoa, Italy and Department of Informatics, Bioengineering, Robotics and System Engineering, University of Genoa, Italy.

Maurizio Aiello
Consiglio Nazionale delle Ricerche, IEIIT institute (CNR-IEIIT), Genoa, Italy.

Enrico Cambiaso
Consiglio Nazionale delle Ricerche, IEIIT Institute (CNR-IEIIT), Genoa, Italy.

View Book :-

Leave a Reply

Your email address will not be published. Required fields are marked *