Tuya ZigBee Device Security: Implementation and Data Exchange Concerns

The content was translated from Polish to English. See the original version of the topic.
  • #1 21008489
    tmf
    VIP Meritorious for elektroda.pl
    Hello HA enthusiasts,
    A question to which the answer for me is not obvious, and there is not much material, at least so quickly to be found. Do you perhaps have any leads on a description of the protocol, e.g. ZigBee used by Tuya? Obviously the documents about ZigBee themselves are there, but I'm concerned with the implementation of data exchange by Tuya-compatible devices. Of course, the issue is security. ZigBee has some sort of encryption protocol there with a fixed key, so it's known how it is. But just because it supposedly has it implemented, doesn't immediately mean that the manufacturer also implements it and does it well. Just as with WiFi, it is not at all said that everything goes by WPA2, or even if it does, that the whole implementation is correct.
    And since such devices can control quite important functions - e.g. doors, garage door, it is worth considering security. The problem of disconnection from the cloud itself has already been discussed and is a separate topic, but I am interested in the problem of security of the local network in which these devices operate.
  • #2 21008700
    JacekCz
    Level 42
    For all my dabbling in microcontrollers, and I've periodically dabbled for many years, you're the first one to ask yourself these questions.
    Congratulations (totally serious)

    Just like with typical C language UB, buffer overflows etc., no one asks themselves.

    Added after 15 [minutes]:

    PS. Apparently Teslas and your other cars can be hijacked wirelessly.
  • #3 21008871
    tmf
    VIP Meritorious for elektroda.pl
    My fear is that the protocol is so poorly implemented that an outsider (a thief, to put it bluntly) will connect to the network, open the door and have free access to everything. In a way, the derivative of such a situation is to take care of privacy - but another portion of our information leaks out, and at our own request. Moreover, it is a great tool for a thief - I connect to the HA network, I analyse the habits of the household members, I know when they are there, what they are doing when they are not. From the thief's point of view, it's a paradise on earth.
    We install devices manufactured in China; I think that no one even thinks about security there - or maybe I'm wrong?
    That's why I'm looking for more on the implementation of communication between devices in such a network, security analyses, etc.
    The light at the end of the tunnel is open source systems, the possibility of reflashing in order to just disconnect from the manufacturer's cloud, but another layer should also be the analysis of how data is exchanged between devices. Even more so if they are WiFi devices, which can give an attacker full access to the local network - which most users tend to treat as trusted.
  • #4 21009540
    freebsd
    Level 42
    tmf wrote:
    All the more so if they are WiFi devices that can give an attacker full access to the local network - which most users tend to treat as trusted.
    As you know, the more aware and equipment-owning users will separate a VLAN to operate.

    tmf wrote:
    Well, that's exactly the situation I'm worried about, where the protocol is so poorly implemented that an outsider (a thief to put it bluntly), will connect to the network, open the door and have free access to everything.
    I, for example, do not expect any level of security from smart home solutions like Tuya or Xiaomi. Instead, I expect vulnerabilities, bugs and spying. I am writing as a realist user.

    For the following solutions, my expectations are great:
    https://www.elektroda.pl/rtvforum/topic4042920.html
    https://www.elektroda.pl/rtvforum/topic4034617.html
    Yes, my expectations of the aforementioned solutions in terms of cyber security are great and... unfulfilled :-)

    It is good to publicise such topics. Maybe something will improve in this respect.
  • #5 21009816
    tmf
    VIP Meritorious for elektroda.pl
    freebsd wrote:
    As you know, more knowledgeable users with the right equipment will carve out a VLAN to operate.

    I kind of chose ZigBee too, because it kind of automatically carves itself out of the network and there is only one point of contact - the ZigBee-Eth/WiFi gateway.
    However, whether it is ZigBee or WiFi, the problem is that a foreign device may try to connect to the device, exploiting gaps in the protocol implementation. With cable connections, the problem is less acute, as the intruder would have to physically plug in, but with radio connections it is easier. This is why the firmware of these devices is critical, and if it is closed, we are really buying a pig in a poke. As I see it, there are virtually no serious security analyses of Tuya type systems and the like on the internet. As long as it controls an LED then let's say it's not critical, but if you want to use HA for something more serious then it's a problem. That's why I'm looking for some material or analysis.
    freebsd wrote:
    I, for example, do not expect any level of security from smart home solutions like Tuya or Xiaomi. Instead, I expect vulnerabilities, bugs and spying. I am writing as a realist user.
    I have similar concerns, but that is to say that such systems are better thrown in the bin straight away. Which would be a somewhat depressing conclusion.