That blog article is new, but the paper that it references was released in Autumn 2016 and it was discussed in depth in the forums at that time.
Phillips released a patch to close the vulnerability within a couple of weeks of the paper appearing, so it’s old news.
And here the official zigbee alliance statement from November 2016
http://www.zigbee.org/zigbee-alliance-statement-on-security/
2 Likes