Sharpening the Stinger: Tuning KillerBee for Critical Infrastructure Warwalking

Wireless mesh networks are increasingly incorporated into systems recognized as critical infrastructure, including hospitals and smart electrical grids. The Killer Bee exploitation framework is a package of open source tools used to locate, analyze, and disrupt IEEE 802.15.4 low rate networks in these critical systems. Penetration testers use the tool named zbfind to rapidly locate wireless transmitters, estimating distance from received signal strength. Recent work demonstrates that the transmitter distance estimation model in the initial zbfind release is highly inaccurate. Results herein strongly suggest that the Atmel RZUSB stick is a viable hardware platform for zbfind war walking, but that CC2420-based boards are inadequate. This work also demonstrates improved distance estimation models for locating transmitters in hospitals and in smart utility meters while on foot (i.e., War walking). A distance estimation model fitted to data collected in a military hospital is shown to also improve accuracy against an operational ZigBee mesh network in a civilian hospital. Outdoor war walking necessitates different model parameters than used indoors, so this work also demonstrates a distance estimation model for use against smart utility meters.