LoRaWAN smart device networks susceptible to hacking

Millions of connected devices used in smart cities, industrial IoT and smart homes could be hijacked to disrupt services, damage equipment and even cover up attacks against infrastructure.

Wednesday, 29th January 2020, by Phil Alsop

IOActive, Inc has released a new research paper, ‘LoRaWAN networks susceptible to hacking: common cyber security problems, how to detect and prevent them’. The researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security issues that could put network users at risk of attack. Such attacks could cause widespread disruption or in extreme cases even put lives at risk.

The researchers found that the root keys used for encrypting communications between smart devices, gateways and network servers are often poorly protected and easily obtainable through several methods. This could leave the network vulnerable to malicious hackers, who could compromise the confidentiality and integrity of the data flowing to and from connected devices in order to:

  • Conduct Denial of Service attacks: Once hackers have the encryption keys, they can gain access to the network and cause Denial of Service (DoS) attacks, disrupting communications between connected devices and the network server so that companies can’t receive any data.
  • Send false data: Alternatively, attackers could intercept communications and replace them with false data, such as fake sensor and meter readings. This could create several issues by allowing hackers to hide malicious activity or cause industrial equipment to damage itself, potentially halting operations and putting company infrastructure at risk.

“Organisations are blindly trusting LoRaWAN because it’s encrypted, but that encryption can be easily bypassed if hackers can get their hands on the keys – which our research shows they can do in several ways, with relative ease,” explains Cesar Cerrudo, CTO at IOActive. “Once hackers have access, there are many things they could potentially do – they could prevent utilities firms from taking smart meter readings, stop logistics companies from tracking vehicles, or prohibit hospitals from receiving readings from smart equipment. In extreme cases, a compromised network could be fed false device readings to cover up physical attacks against infrastructure, like a gas pipeline. Or to prompt industrial equipment containing volatile substances to overcorrect, causing it to break, combust or even explode.”

Worryingly, IOActive researchers found that there is currently no way for an organisation to know whether a LoRaWAN network is being or has been attacked, or whether an encryption key has been compromised. In response, IOActive has released a LoRaWAN Auditing Framework, which will allow users to audit and pentest the security of their infrastructure, reduce the impact of an attack and ensure LoRaWAN networks are deployed securely.

“Most enterprises are used to having multiple tools monitoring every inch of their IT infrastructure – but LoRaWAN is a real blind spot,” concludes Cerrudo. “There really isn’t any way at present to be alerted if a network has been compromised, so awareness and monitoring are vital. Organisations need to make life more difficult for an attacker by making sure their keys are as secure as possible, by checking all devices’ encrypted keys are unique and putting measures in place to identify any suspicious activity. IOActive’s LoRaWAN Auditing Framework is a good starting point for companies looking to build network security in from the ground up and reduce the impact of potential attacks on their networks.”