Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

ZigDiggity: ZigBee Hacking Toolkit

Presentation from Black Hat USA 2019 reveals an open-source pentest arsenal for Zigbee networks.

Download Resource

Presentation by Fran Brown and Matt Gleason at Black Hat USA 2019

Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door & window sensors using an "ACK Attack". ZigDiggity will emerge as the weapon of choice for testing Zigbee-enabled systems, replacing all previous efforts. Zigbee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Unfortunately, existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon.

Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.

Updates include migration to better hardware for testing (e.g. SDRs), and a slew of newly implemented Zigbee attacks types. Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use Zigbee.


Francis brown

About the author, Francis Brown

Co-Founder and Board Member

Francis Brown, CISA, CISSP, MCSE, is the Co-founder and Board Member of Bishop Fox. Before founding Bishop Fox, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients.

Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques.

More by Francis
Matt gleason

About the author, Matt Gleason

Bishop Fox Alumnus

Matt Gleason is a Bishop Fox alumnus. He focused on application penetration testing (static and dynamic), network penetration testing (external and internal), and cloud deployment reviews.

Matt is an active security researcher and presented on the ZigDiggity attack tool targeting home automation networks at Black Hat USA and DEF CON. He also presented at The Active Directory Kill Chain: Is Your Company at Risk at (ISC)2 Phoenix. In this talk, he explained how enterprises could protect themselves against a potentially devastating Microsoft Active Directory exploit.

More by Matt

Extend Your Knowledge

Check out these related resources.

The Ponemon Security offensive security blueprint for the technology industry with preview of report.
Report

The Offensive Security Blueprint for Technology & Software

Bishop Fox's Technology and Software industry cut provides a comprehensive analysis of offensive security trends within the sector, using industry data gathered from our joint research report with the Ponemon Institute.

Learn More
2024 Q1 DIGITAL DS COSMOS Tile
Datasheet

Cosmos Datasheet

Learn how Cosmos combines attack surface management with expert-driven penetration testing to help security teams identify and remediate dangerous exposures before attackers can exploit them.
Learn More
Managed Security Service: Cosmos External Penetration Testing (CEPT) datasheet pages thumbnail floating on dark background..
Datasheet

Cosmos External Penetration Testing (CEPT) Datasheet

Learn how Cosmos External Penetration Testing (CEPT) expands the scope of Cosmos Attack Surface Management to deliver the highest level of attack surface protection and meet compliance requirements.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.