WazaBee: attacking Zigbee networks by diverting Bluetooth Low Energy chips

This paper discusses the security of wireless communication protocols of the Internet of Things (IoT) and presents a new attack targeting these protocols, called WazaBee, which could have a critical impact and be difficult to detect. Specifically, WazaBee is a pivotal attack aimed at hijacking BLE devices, commonly used in IoT networks, in order to communicate with and possibly attack through a different wireless network technology, considering protocols based on 802.15.4, in particular Zigbee. We present the key principles of the attack and describe some real-world experiments that allowed us to demonstrate its practical feasibility. The attack takes advantage of the compatibility that exists between the two modulation techniques used by these two protocols. Finally, the paper briefly discusses possible countermeasures to mitigate the impact of this attack.