Securing Zigbee devices

Hi all, I really hope someone can help. I have a worrying issue I discovered today. I am currently running the latest version of Home Assistant (2021.2.3) and am almost 100% Zigbee based. I was happy until I realised that I can hijack any of my Zigbee devices with Ikea Tradfri dimmers. All I have to do is hold down the pairing button on the Tradfri dimmer, and it takes control of the nearest Zigbee device; from that point on, Home Assistant can no longer control the device. This is done without putting the Zigbee device into pairing mode; the dimmer basically hijacks the device.

This is a worry, as I now realise it’s quite easy for neighbours to take control of my devices and I currently have no way of stopping them. Is there anything I can do about this vulnerability?

How close do you need to be for this to work? With the Hue Dimmer Switches you have to be really close to the device, so the attacker needs to be in my house already.

We were able to take control of a light bulb and a smart switch from five metres away.

Which Zigbee integration are you using? Has this dimmer been connected to any of these devices in the past? Does it work with Zigbee devices from other manufacturers?

The integration is “Zigbee Home Automation” that is basically built in to Home Assistant, or at least it’s the integration that is found when searching for Zigbee.

The Dimmer was new out of the packaging and never paired with any of the devices before.

The devices it was able to hijack were:

  • INNR Smart Socket
  • Linkind Smart Bulb
  • Livarnolux Smart Bulb