ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus (Defcon Wireless Village 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)


The Api-Mote is a commodity chip-based device designed specifically for low-level interaction with the IEEE 802.15.4/Zigbee PHY. It supports injection of raw 802.15.4 frames, including those with custom preambles and start-of-frame delimiters (by using the packet-in-packet trick). It works with the KillerBee framework and Api-do 802.15.4 tools (http://code.google.com/p/zigbee-security/wiki/ApiMote_Overview). It's built on top of a GoodFET, and so it's easy to interact with in your favorite scripting language, over USB. We used the tool to develop tricks for cheap PHY-level fingerprinting of 802.15.4 receivers by sending various non-standard frames; in doing so, we found we could send frames that only certain vendor chips would reliably hear. Our methods can be used for testing WIDS bypasses or for targeted "under-the-radar" attacks on specific vendors' chips, and similar low-level research and assessment.

Bio: Ryan Speers is a co-founder and security researcher at River Loop Security and has extensive experience in IEEE 802.15.4/ZigBee analysis and software and hardware security analysis. He maintains the KillerBee 802.15.4 framework.

Sergey Bratus is a Research Associate Professor at Dartmouth College. He enjoys finding weird properties of common programming models and protocols.

Copyright 2020, IronGeek