device to pair. This is done to support devices like earbuds that have no ability to
accept input from the user to enter a pairing key. All of this is to say that there may be
Bluetooth devices around that attackers can connect to and pair with to extract infor‐
mation.
We perform Bluetooth testing to discover devices that are not appropriately locked
down to prevent unauthorized connections, which may result in the leakage of sensi‐
tive information. These unauthorized connections may also provide an attacker a way
of controlling other devices, leading to a foothold inside the network.
Zigbee
Zigbee
is a protocol that has been around in concept for more than a couple of deca‐
des, though the protocol itself was ratified in 2004. Recently, Zigbee has seen a sharp
increase in implementations. This is because Zigbee was developed as a personal area
network protocol, and the whole smart-home movement has used this simple, low-
power and low-cost protocol to allow communication throughout the house, between
devices. The point of Zigbee is to offer a way for devices that don’t have a lot of power,
perhaps because they are battery operated, and don’t send a lot of data to communi‐
cate.
As more devices using Zigbee become available, they will increasingly become targets
of attacks. This is perhaps more true for residential users, as more smart-home devi‐
ces are introduced to the market. It is still a concern for businesses, however, because
building automation is a thing. Zigbee is not the only protocol in this space, of
course. Z-Wave is a related protocol, though there are no tools in Kali that will test Z-
Wave. This will likely change over time as more and more devices using Z-Wave are
introduced.
WiFi Attacks and Testing Tools
It’s hard to overstate this, so I’ll say it again: everything is wireless. Your computer,
your tablet, your smartphone, your television, your gaming consoles, various home
appliances, and even garage door openers are all wireless. In this context, I mean they
are wireless in the sense that they support 802.11 in one of its incarnations. Every‐
thing is connected to your network. This makes the systems themselves vulnerable,
and the prevalence of WiFi makes the underlying protocols exposed to attack as well;
as the radio signal of your wireless network passes beyond the walls of your organiza‐
tion, attackers may be able to get access to your information. The only way they can
do that is to compromise the protocol in some way.
Ultimately, the goal of attacking WiFi networks isn’t just to attack the network; it’s to
gain access to information or systems. Or both. The attack against the protocol gets
them access to the information being transmitted across the network. This either gets
