A new security analysis shows that the popular LoRaWAN IoT protocol can be easily hacked, putting the security of the whole network of devices at risk. This is especially worrying because it is one of the most popular communication implementations for decentralized devices and industrial modules in enterprise environments.
LoRaWAN IoT Protocol Is Insecure
The LoRaWAN IoT protocol is now considered less secure than assumed, following findings that were recently published online. It is one of the most popular ways to connect devices in enterprise environments, as the standard ensures good connectivity at low power. This is particularly useful in production plants, smart city planning and mesh networks, where many devices are configured to work together. By design it includes encryption options. However, this has led most administrators to trust it by default, which allows many inherent weaknesses to be exploited when certain conditions are met. At the moment there are no known vulnerabilities, but there is a worrying fact: there are no existing tools for testing such IoT networks and detecting possible attacks.
The issue with the LoRaWAN IoT protocol is that if the encryption keys are obtained, the whole network becomes vulnerable. According to the specifications, the keys are the only security measure. There are several scenarios that make it possible to obtain them by having physical access to the IoT devices. The keys can be extracted using several common mechanisms:
- Social Engineering Tactics — The criminals that want to intrude onto a given network may use various phishing, blackmail and social engineering tactics that can persuade device owners or administrators into giving them the requested information.
- Spoofing and Sniffing — By having access to potential communicators the hackers can sniff or spoof the network stream and as such retrieve the keys. This is possible when transmissions are done via radio modules.
- Device Tags — Access to and activation of devices is often done via QR codes and other types of tags that are used in the initial setup. If they are not removed, attackers with physical access can intrude onto the network using these credentials.
- Hardcoded Keys — Default passwords and hardcoded strings can sometimes be used in devices that provide external Internet access. Hackers can program automated toolkits to attempt logins. This is also linked to easy-to-guess and weak passwords.
- Other System Weaknesses — Access to the network, and indirectly to the encryption key streams, can be made possible by exploiting weak services.
When brute force attempts are made, the hackers can use two popular approaches: dictionary attacks or algorithmic guessing. Another possible intrusion technique is a DDoS attack that takes down certain security infrastructure, thus allowing access to the internal communications.
At the moment there are some LoRaWAN security recommendations which experts suggest implementing in any IoT network, regardless of its size. Device owners should replace the vendor keys with strong, random strings, always diversify keys across separate devices, and audit credentials often to check for possible weaknesses. Network administrators should always maintain security best-practice guidelines and ensure that they are followed by all users and devices on their networks.
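One way to carry out the credential audit recommended above, as an added example that is not part of the original article: it flags vendor-default, shared, patterned and DevEUI-derived keys in a device inventory and generates random replacements. It assumes keys are 128-bit AES keys exported as 32 hex characters; the function names, the inventory layout and all sample values are constructed for illustration.

```python
import re
import secrets
from collections import defaultdict

# Stand-in for a vendor default list: the AES-128 example key from NIST SP 800-38A.
# Replace with the default keys documented by your own device vendors.
VENDOR_DEFAULTS = {"2B7E151628AED2A6ABF7158809CF4F3C"}

# Constructed inventory of (DevEUI, AppKey) pairs; none belong to real devices.
INVENTORY = [
    ("AA00000000000001", "2B7E151628AED2A6ABF7158809CF4F3C"),
    ("AA00000000000002", "2B7E151628AED2A6ABF7158809CF4F3C"),
    ("AA00000000000003", "00000000000000000000000000000000"),
    ("AA00000000000004", "AA00000000000004AA00000000000004"),
    ("AA00000000000005", "9F4C1E7A3B2D5860C1A7E4F09B36D21C"),
    ("AA00000000000006", "0102030405060708090A0B0C0D0E0F10"),
    ("AA00000000000007", "CHANGEME"),
]

def new_app_key():
    """Return a fresh random 128-bit key as 32 hex characters."""
    return secrets.token_hex(16).upper()

def audit_keys(inventory, vendor_defaults=VENDOR_DEFAULTS):
    """Map each DevEUI with a weak key to the list of reasons it was flagged."""
    findings, owners = defaultdict(list), defaultdict(list)
    for dev_eui, key in inventory:
        dev_eui, key = dev_eui.upper(), key.upper()
        if not re.fullmatch(r"[0-9A-F]{32}", key):
            findings[dev_eui].append("malformed")
            continue
        raw = bytes.fromhex(key)
        owners[key].append(dev_eui)
        if key in vendor_defaults:
            findings[dev_eui].append("vendor-default")
        if len(set(raw)) < 8:  # random 16-byte keys almost never repeat this much
            findings[dev_eui].append("low-diversity")
        if dev_eui in key:
            findings[dev_eui].append("derived-from-deveui")
        if len({(b - a) % 256 for a, b in zip(raw, raw[1:])}) == 1:
            findings[dev_eui].append("patterned")  # constant byte step, e.g. 01 02 03
    for devices in owners.values():
        if len(devices) > 1:  # the same key on several devices is not diversified
            for dev_eui in devices:
                findings[dev_eui].append("shared-key")
    return dict(findings)

if __name__ == "__main__":
    for dev_eui, reasons in sorted(audit_keys(INVENTORY).items()):
        print(dev_eui, ", ".join(reasons))
```

Every flagged device should be re-provisioned with its own value from `new_app_key()`, and the audit re-run until it returns no findings.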