Eyal Ronen
==========

Title: IoT Goes Nuclear: Creating a ZigBee Chain Reaction

Abstract: In this talk, we describe a new type of attack on IoT devices, which exploits their ad-hoc networking capabilities via the ZigBee wireless protocol, and thus cannot be monitored or stopped by standard Internet-based protective mechanisms. We developed and verified the attack using the Philips Hue smart lamps as a platform, by exploiting a major bug in the implementation of the ZigBee Light Link protocol, and a weakness in the firmware update process. By plugging in a single infected lamp anywhere in the city, an attacker can create a chain reaction in which a worm can jump from any lamp to all its physical neighbors, and thus stealthily infect the whole city if the density of smart lamps in it is high enough. This makes it possible to turn all the city's smart lights on or off, to brick them, or to use them to disrupt nearby WiFi transmissions.