Practical exploitation of Zigbee-class networks with USB-based RF transceivers & open source software
Internet of Things (IoT) products are proliferating in the market today. They take many forms, from a pacemaker inside a human body to an oil and gas rig monitoring device in the remotest locations on the planet. The hardware in many such IoT solutions is built around tiny microcontrollers with strict low-power requirements. Securing these platforms often poses several challenges.
IEEE 802.15.4 is a standard developed for low-rate wireless personal area networks (LR-WPANs). The base specification of the standard does not specify how to secure the traffic between the IoT devices and the backend infrastructure, so there are often vulnerabilities in the design and implementation.
Penetration testing of Zigbee-class wireless sensor networks needs specialized hardware and software stacks for packet sniffing and injection. In this presentation, we will talk about various market-available solutions that pen-testers can use for debugging and attacking such networks using USB-based dongles. We will demonstrate two custom hardware boards equipped with programmable microcontrollers that work with open-source software solutions for performing attacks on an IEEE 802.15.4-based wireless sensor network. After our demos, we will discuss various hardening methodologies to protect IoT systems against such attacks.