Disable ZigBee Insecure Rejoin


(Dan Lieberman) #1

As promised in a post 2 weeks ago, the latest firmware update for V2 Hubs has added a new feature associated with ZigBee insecure rejoin that we’ve talked about before. Specifically, we added the option for you to turn on and off the ability for devices to use the insecure rejoin method.

What does this mean?

There’s a more detailed technical description available, but in short, the ZigBee HA 1.2 specification was designed with a convenience feature known as insecure rejoin. Meant to ensure usability, it lets devices that are unable to reconnect to the network securely due to a change in the network to request that the network key be resent using the well known Trust Center Link Key. It came to our attention that a security researcher was able to misuse this feature to cause unauthorized devices to join the ZigBee network.

While the likelihood that this misuse would be exploited in an average smarthome is very low, we wanted to give users the option to disable it entirely.

There may, however, be some negative effects of disabling the insecure rejoin feature. By taking away the ability of end-devices to rejoin the ZigBee network in this manner, some legitimate devices may disconnect from the network and become unresponsive. In order to reconnect stranded devices, the hub and each disconnected device needs to be put back into join mode.

With insecure rejoin disabled, you can ensure that the feature cannot be misused to gain unauthorized access to your ZigBee network, but you may find that some devices lose their connection to the network and need to be reset. By leaving secure rejoin enabled, it may be possible for unauthorized devices to join your network, but your ZigBee devices will always be able to rejoin the network.

How do I disable insecure rejoin?

You can disable insecure rejoin yourself through the “Utilities” page for your hub in the IDE, or by contacting support@smartthings.com for assistance. Detailed instructions are available in the ZigBee “Insecure Rejoin” FAQ on the SmartThings Support Site.

What about my V1 Hub?

We are currently exploring the potential for including this feature in V1 Hubs and will update you here on our progress on the community site.

Thanks,
-d


SwannOne Key Fob Support
SwannOne Sensors
Why is my ST hub always listening?
Osram/Sylvania Lightify (it works)
(Dan Lieberman) #2

(Patrick Stuart [@pstuart]) #3

Thank you for adding this feature. I am sure this was completely tested and a list of devices that are likely effected by disabling this would be available?

Are all SmartThings branded zigbee sensors immune from disconnecting?

What is the best method for detecting a device, especially sleepy devices, has not rejoined the now more secured hub?

What is the recommended action, disable or not? Will hubs ship with this security feature enabled by default in the future?


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #4

Giggle. :smile_cat:


(Patrick Stuart [@pstuart]) #5

Well, why else would it take so long to be rolled out?


#6

I feel like ST is in a tough spot here: the problem, in this case, appears to be the spec itself as opposed to ST’s implementation. Until an agreed-upon solution is reached (ZigBee HA 3.0), there aren’t a lot of options other than cutting off a required component of the spec to prevent insecure devices from rejoining the network when there is a disruption in the network itself, which isn’t something ST can control. I don’t think ST is in the wrong for taking this initial step.

I do feel like your last question is valid: what will be the default configuration for this option moving forward?

edit: One other question comes to mind: what is the default reconnect behavior for ST-branded ZigBee HA 1.2 devices?


#7

Choice is good. :sunglasses:

I’m sure this was done because of the press in the techmedia about the possibility of hacking the system. The likelihood of that actually happening was pretty small, but the likelihood of a journalist writing about it was very high. So fixing it makes sense.

I agree that it will be a pain if each customer has to go through And individually modify each of their Zigbee device profiles to keep the device connected. But I also agree that it’s a zigbee limitation, and there’s not a lot that SmartThings can do about it.

I also agree that it would be helpful if SmartThings noted on the official compatibility list those devices that are likely to disconnect if the default is not changed. Knowing that a device can only be operated in an insecure mode might well affect device selection for many customers, especially if the company starts advertising the fact that it offers a secure mode. :wink:


#8

AAre Smartsense branded Zigbee devices likely to disconnect after someone disables the insecure rejoin?


(Ed) #9

Thank you for the info and providing us a choice.

Will give it a try but don’t recall seeing that option when logged into the UK server after the Hub rollout / update. Let me re-check later tonight. Going to assume when things ‘break’, I can re-disable it.


#10

I’ve decided to disable insecure rejoin, at least to see if there is any negative effects on my setup, so I clicked the option and rebooted by hub. I don’t actaully see anywhere that it says if it is on or off, just the links to turn it on or off. Is there anyway to confirm it has been disabled?


#11

All my zigbee devices dropped from the hub - no open/close reports, no motion sense. SmartThings support email sent a replacement motion sensor. That will not join the hub. My problems started about a month ago. Not sure if this feature got released back then or if unrelated. Either way, after shiping the replacement sensor, I have not gotten any replies back from support.

URGH! such a frustrating platform this is. I hate all things iOS, but i hope to god they turn this Home Automation game on it’s head. THIS is why people can’t have nice smart things.


(Wayne) #12

Hi there. Noticed any negative side effects since turning the setting on?


#13

I have not noticed anything. I still have the setting turned off, I think. Though, as I mentioned before, there is only an on/off link without any real confirmation that I turned it off, so I’ve been working under the assumption that it is off.


(Hemanshu Patel) #14

@a4refillpad
I’m not sure if it’s side effect of this change or not, but my zigbee devices(iris contact sensors(all 3)) are draining battery very fast. I’m at 77% in just 2 weeks since I started using them.


(Rudi Prunzel) #15

Are you using the Battery that came with the device?
If this is the case, and in my experience with the Iris devices, the batteries don’t come with 100% full charge some times, but even if it drops to 88% or 77% it will stay there for a long time. If you replace with a new battery you will notice that it will stay at 100% for longer too.


(Hemanshu Patel) #16

Yes I’m using the battery that came with the device.


(Ben W) #17

The battery level “drops quickly” then stays. Most my devices hit 88% or 77% within day or two, and stay like that for months. My guess is they don’t the logic to be down to the percent, but within a range.

I have noticed that my zigbees are dropping from my network more often, since I enabled this. But ST has been acting up too. I will keep an eye on it.


#18

Tier reporting.

I agree, the first step in troubleshooting a new device is just to replace the battery with a new battery and see how that goes. It will probably almost immediately show 88% – – that’s fine. (See the topic linked above)

If it drops a full tier every week, though, after you put in a new battery then that sounds like a device issue.