IoT Goes Nuclear: Creating a ZigBee Chain Reaction


### Rating (1--4):
+ 3: Weak Accept -- This paper may have flaws, but I would not argue against it at a major conference

### What did this paper do well?

+ Presents a powerful worm that is self-spreading, spreads by physical proximity rather than by network connectivity, and targets device firmware
+ Explains the hacks with easy-to-understand descriptions and visuals
+ Proposes a new chosen-differential correlation power analysis (CPA) attack against AES (page 10)

### Where did this paper fall short?

+ Lack of information on the ethical guidelines for the project. The research team appears to have had a guideline, but we do not know how strong it was: was the hack that made the Philips Hue lights blink "SOS" carried out with the building's consent or not? Even though the team brought their own lamps to the building's garage, the signals from the drone may have affected real products inside the building (note that Philips lamps are popular).
+ While the paper proposes that simply plugging a compromised lamp into the network would start the infection, it is notable that the team used more powerful boards in their prototype. While the threat of war-flying is real, the threat of a worm transferring from one actual compromised lamp to another seems slim.
+ The paper does not provide a brief survey of which kinds of IoT devices use the vulnerable ZLL profile. It appears that the exploit works only on Philips lamps (due to various pitfalls by the Philips dev team). The paper is still great, but it could be greater if it touched a bit more on the potential impact beyond Philips products. (Note that there may be reasons not to invest too much in securing a lamp: when a lamp gets compromised, it may not be a big deal.)

### What did you learn from reading this paper?

+ Devastating bugs live in heavily commercialized products made by big companies
+ An example of war-flying
+ Percolation theory and ZigBee Light Link (ZLL)
+ Several important hardware hacking techniques, such as power analysis as a side-channel attack
+ The importance of software testing (you can't count on code comments left by other developers)
+ Creating and enforcing standards is very important. Standards must be carefully written (well designed), and everyone should follow them (integrity).
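The proximity-based spreading and the percolation-theory argument noted above, as an added Python illustration that is not code from the paper: lamps are dropped at random in a square area, a compromised lamp is assumed to reach any lamp within a fixed radius, and the worm therefore hits exactly the connected component of the "within radius" graph that contains the first victim. The radius, area and lamp counts are assumptions chosen to straddle the threshold; the paper's real-world range measurements and city-scale estimates are not reproduced. The threshold of roughly 4.5 mean neighbours per node is the commonly quoted value for random geometric graphs in the plane.

```python
"""Toy continuum-percolation model of a proximity-spread ZigBee worm.

Added illustration, not code from the paper. Lamps are placed uniformly at
random in a side x side square; a compromised lamp is assumed to infect any
lamp within `radius` (assumed value, not a measured ZLL range). Starting from
one infected lamp, the worm reaches the connected component of the "within
radius" graph containing it, so it spans the area only once lamp density
crosses the percolation threshold (about 4.5 mean neighbours per node for
random geometric graphs in the plane).
"""
import math
import random
from collections import deque


def expected_neighbors(n_lamps, side, radius):
    """Mean number of lamps within `radius` of a lamp (ignoring edge effects)."""
    return n_lamps * math.pi * radius ** 2 / side ** 2


def _bucket(lamps, radius):
    """Spatial hash with cell size == radius, so neighbours lie in the 3x3 block."""
    cells = {}
    for i, (x, y) in enumerate(lamps):
        cells.setdefault((int(x // radius), int(y // radius)), []).append(i)
    return cells


def _spread(lamps, cells, start, radius):
    """Breadth-first infection from `start`; returns the set of infected indices."""
    r2 = radius * radius
    infected = {start}
    queue = deque([start])
    while queue:
        i = queue.popleft()
        xi, yi = lamps[i]
        cx, cy = int(xi // radius), int(yi // radius)
        for dx in (-1, 0, 1):
            for dy in (-1, 0, 1):
                for j in cells.get((cx + dx, cy + dy), ()):
                    if j in infected:
                        continue
                    xj, yj = lamps[j]
                    if (xi - xj) ** 2 + (yi - yj) ** 2 <= r2:
                        infected.add(j)
                        queue.append(j)
    return infected


def reachable_lamps(lamps, start, radius):
    """Indices of every lamp the worm reaches when `start` is the first victim."""
    return _spread(lamps, _bucket(lamps, radius), start, radius)


def largest_outbreak_fraction(lamps, radius):
    """Worst-case fraction of lamps hit, over every choice of first victim."""
    cells = _bucket(lamps, radius)
    seen = set()
    largest = 0
    for i in range(len(lamps)):
        if i in seen:
            continue
        component = _spread(lamps, cells, i, radius)
        seen |= component
        largest = max(largest, len(component))
    return largest / len(lamps)


def random_city(n_lamps, side, seed=0):
    """Constructed sample input: n lamps uniformly placed in a side x side square."""
    rng = random.Random(seed)
    return [(rng.uniform(0, side), rng.uniform(0, side)) for _ in range(n_lamps)]


def density_sweep(side=1000.0, radius=50.0,
                  counts=(200, 400, 800, 1600, 3200), seed=0):
    """Return (lamp count, mean neighbours, worst-case outbreak fraction) per density."""
    rows = []
    for n in counts:
        lamps = random_city(n, side, seed)
        rows.append((n, expected_neighbors(n, side, radius),
                     largest_outbreak_fraction(lamps, radius)))
    return rows


if __name__ == "__main__":
    for n, degree, fraction in density_sweep():
        print(f"{n:5d} lamps  mean neighbours {degree:5.2f}  "
              f"largest outbreak {fraction:5.1%}")
```

The counts in `density_sweep` are chosen so the mean neighbour count runs from well below the threshold (about 1.6 at 200 lamps) to well above it (about 25 at 3200 lamps); the interesting rows are the ones around 400 to 800 lamps, where the mean neighbour count crosses 4.5 and the worst-case outbreak jumps from a handful of lamps to almost the whole area. That jump is the "critical mass" argument behind the paper's chain reaction: below it a compromised lamp is a local nuisance, above it one infection is a city-wide event.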

### What questions do you have about the paper or the area?

+ How does this attack scale to other IoT devices? (This attack is based on a particular bug in a particular product.)
+ What percentage of IoT devices employ ZigBee?
+ Is there a link between the limited processing power of IoT devices and these vulnerable security deployments? (such as hardcoded keys, or one master ZLL key for all ZLL devices **facepalm)
+ What are the solutions for ZigBee?
+ How do anti-debug fuses work?