In this video, learn how to use ZigDiggity, a handy tool for pen testers.
Welcome to smarter home-invasion with ZigDiggity, the new ZB penetration testing toolkit from Bishop Fox. First we scan for nearby ZigBee wireless networks once we see a device whose behavior resembles that of a lock. We perform a ZigBee insecure rejoin attack to join their network and extract the network key, so that we can attack the lock and the controller directly. Next, the pan ID conflict gets rid of the real controller. Finally, we send a signal to unlock the lock. We continue to perform a Zigbee ACK attack against the door sensors. This is why the alarm is not triggering even though the system is armed, and we clearly have the door open. Thank you.