Skip to main content

Insider Attacks on Zigbee Based IoT Networks by Exploiting AT Commands

  • Conference paper
  • First Online:
Applications and Techniques in Information Security (ATIS 2019)


This paper has presented three insiders attacks on Zigbee protocol – a protocol used for wireless communication for the Internet of Thing (IoT) devices. The end- user’s communication in IoT networks are sensor oriented as the user objects in IoT networks are embedded with sensors and actuators. Most of the sensors communicate with wireless medium among which many of them use Zigbee protocol. Security is an important element of IoT objects to protect user’s privacy and counter malicious attacks but difficult to guarantee due to its limited capabilities, wireless communication and unpredicted users’ actions. In this paper, we have evaluated Zigbee protocol stack for security vulnerabilities which revealed security weakness of remote AT commands. By using remote AT commands in an IoT network, we have devised three successful insider attacks to make unauthorized change of the destination address of a packet, change of node ID, and the change of PAN ID. These attacks detail will be very useful for IoT researches and practitioners in the security domain to design appropriate countermeasures for Zigbee IoT networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. Fan, X., Susan, F., Long, W., Li, S.: Security Analysis of ZigBee. MIT Press, cambridge (2017)

    Google Scholar 

  2. Vaccari, I., Cambiaso, E., Aiello, M.: Remotely exploiting AT command attacks on ZigBee networks. Secur. Commun. Networks 2017, 1–9 (2017)

    Article  Google Scholar 

  3. Baronti, P., Pillai, P., Chook, V.W., Chessa, S., Gotta, A., Hu, Y.F.: Wireless sensor networks: a survey on the state of the art and the 802.15. 4 and ZigBee standards. Comput. Commun. 30(7), 1655–1695 (2007)

    Article  Google Scholar 

  4. Wright, J.: Killerbee: practical zigbee exploitation framework (2009)

    Google Scholar 

  5. Stelte, B., Rodosek, G.D.: Thwarting attacks on zigbee-removal of the killerbee stinger. In: Proceedings of the 9th International Conference on Network and Service Management (CNSM 2013), pp. 219–226. IEEE (2013)

    Google Scholar 

  6. Biswas, A., Alkhalid, A., Kunz, T., Lung, C.-H.: A lightweight defence against the packet in packet attack in ZigBee networks. In: 2012 IFIP Wireless Days, pp. 1–3. IEEE (2012)

    Google Scholar 

  7. Cambiaso, E., Papaleo, G., Chiola, G., Aiello, M.: Slow DoS attacks: definition and categorisation. Int. J. Trust Manag. Comput. Commun. 1(3–4), 300–319 (2013)

    Article  Google Scholar 

  8. Suo, H., Wan, J., Zou, C., Liu, J.: Security in the internet of things: a review. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 3, pp. 648–651. IEEE (2012)

    Google Scholar 

  9. Jhaveri, R.H., Patel, S.J., Jinwala, D.C.: DoS attacks in mobile ad hoc networks: a survey. In: 2012 Second International Conference on Advanced Computing & Communication Technologies, pp. 535–541. IEEE (2012)

    Google Scholar 

  10. Kandoi, R., Antikainen, M.: Denial-of-service attacks in OpenFlow SDN networks. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 1322–1326. IEEE (2015)

    Google Scholar 

  11. Shila, D.M., Cao, X., Cheng, Y., Yang, Z., Zhou, Y., Chen, J.: Ghost-in-the-wireless: energy depletion attack on zigbee. arXiv preprint arXiv:1410.1613 (2014)

  12. Vidgren, N., Haataja, K., Patino-Andres, J.L., Ramirez-Sanchis, J.J., Toivanen, P.: Security threats in ZigBee-enabled systems: vulnerability evaluation, practical experiments, countermeasures, and lessons learned. In: 2013 46th Hawaii International Conference on System Sciences, pp. 5132–5138. IEEE (2013)

    Google Scholar 

  13. Pacheco, L.A.B., Gondim, J.J.C., Barreto, P.A.S., Alchieri, E.: Evaluation of distributed denial of service threat in the internet of things. In: Proceedings of the 15th IEEE International Symposium on Network Computing and Applications, NCA 2016, pp. 89–92, November 2016

    Google Scholar 

  14. Li, H., Jia, Z., Xue, X.: Application and analysis of ZigBee security services specification. In: 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing, vol. 2, pp. 494–497. IEEE (2010)

    Google Scholar 

  15. Sastry, N., Wagner, D.: Security considerations for IEEE 802.15. 4 networks. In: Proceedings of the 3rd ACM Workshop on Wireless Security, pp. 32–42. ACM (2004)

    Google Scholar 

  16. Faludi, R.: BuildingWirelessSensorNetworks: with ZigBee, XBee, Arduino, and Processing, O’ReillyMedia Inc, Sebastopol (2010)

    Google Scholar 

  17. Digi International Inc. How XBee devices communicate (2019)

    Google Scholar 

  18. Ray, B., Huda, S., Chowdhury, M.U.: Smart RFID reader protocol for malware detection. In: 2011 12th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, Sydney, NSW, pp. 64–69 (2011)

    Google Scholar 

  19. McGinthy, J.M., Wong, L.J., Michaels, A.J.: Groundwork for neural network-based specific emitter identification authentication for IoT. IEEE Internet Things J. Early access Published on 03 April 2019

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Waqas Ahmad Piracha .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Piracha, W.A., Chowdhury, M., Ray, B., Rajasegarar, S., Doss, R. (2019). Insider Attacks on Zigbee Based IoT Networks by Exploiting AT Commands. In: Shankar Sriram, V., Subramaniyaswamy, V., Sasikaladevi, N., Zhang, L., Batten, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2019. Communications in Computer and Information Science, vol 1116. Springer, Singapore.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-0870-7

  • Online ISBN: 978-981-15-0871-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics