Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Making (and Breaking) an 802.15.4 WIDS

Javier Vazquez, Ryan Speers, Sergey Bratus
Troopers 2014
Indexed on
Jan 25, 2015

Real-world security-critical systems including energy metering and physical security monitoring are starting to rely on 802.15.4/ZigBee digital radio networks. These networks can be attacked at the physical layer (reflexive jamming or via Packet-in-packet attacks), the MAC layer (dissociation storms), or at the application layers. Proprietary WIDS for 802.15.4 exist, but don’t provide much transparency into how their 802.15.4 stacks work and how they may be tested for evasion. As the classic Ptacek & Newsham 1998 paper explained, tricks used to evade a NIDS tell us more about how a protocol stack is implemented than any specifications or even the RFCs. For WIDS, evasion can go even deeper: while classic evasion tricks are based on IP and TCP packet-crafting, evading 802.15.4 can be done starting at the PHY layer! We will explain the PHY tricks that will make one chip radio see the packets while the other would entirely miss them regardless of range; such tricks serve for both WIDS testing and fingerprinting. We will release an open, extensible WIDS construction and testing kit for 802.15.4, based on our open-source ApiMote hardware. ApiMote uses the CC2420 digital radio chip to give you access to 802.15.4 packets at the nybble level. It can be easily adopted for detecting attacks at any protocol level. It also lets you test your ZigBee WIDS and devices from the frame level up. We will give out some of the ApiMotes.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8165 documents and 530.8 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !