Reply to post:

Oh no ZigBee, as another front opens on home networking insecurity

Vic

From a security perspective should it not be two way authentication? i.e. I push button on device to be connected and on the hub (potentially via a web interface/app) otherwise it won't connect?

That's still insufficient; given the flawed implementations detailed in the article, a deliberate, legitimate pairing could still be sniffed, leading to the leaking of the security key. This allows a (prepared) attacker to join the PAN and attack its members.

Vic.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon