ZigBee联盟关于“采用 ZigBee 协议的智能家居设备存在严重漏洞”的声明
The ZigBee Alliance and its members take security very seriously. Our members develop standards and protocols to strike the appropriate balance between ease of use and secure interaction of devices to afford the greatest ‘smart’ functionality with the least exposure.
We are aware of the reportpromoted from Black Hat, The risk described is small regarding a singular pointin the initial, out-of-the-box joining (when the homeowner is installing a newdevice) or when a device is re-joining the network after losing contact withits parent – which is a few milliseconds of key exchange. The hack requires substantial knowledge andequipment and is unlikely to occur outside of the security community.
Securityhas to fit the application, and schemes are dictated by the resources at hand.It is very hard to enter a 16-digit passphrase into a light bulb when there isno keyboard or monitor. If a scheme is too expensive, too difficult to install,or too time-consuming – consumers won’t apply it.
ZigBeetechnology is created and implemented by some of the most successful companiesin the world, all of which have access to the latest security schemes. Membersof ZigBee Alliance technical working groups actively review the ZigBee securityframework as well as industry best practices to stay ahead of evolving threats,and therefore welcome this type of analysis as an open standards community.