Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday.
LoRaWAN, which stands for long range wide area networking, is a media access control (MAC) protocol that uses LoRa technology to allow low-power devices to wirelessly communicate with internet-connected applications over long distances.
LoRaWAN is inexpensive and a single antenna can be used to cover a large area, such as a city, which has made it highly popular around the world. Smart cities use it for parking, lighting and traffic management systems, and industrial organizations use it to track assets and for various other purposes. The protocol is also used for security systems, smart home products, as well as in the agriculture and healthcare sectors.
The LoRa Alliance, the non-profit organization behind the LoRaWAN standard, says there are currently well over 100 million devices using LoRaWAN all around the world and it estimates that the number will reach 730 million by 2023.
IOActive has analyzed versions 1.0.2 and 1.0.3 of the protocol, which are the most widely used. The latest version is 1.1, which brings several improvements in terms of security, but it will take some time until it’s widely adopted and some of the attack methods identified by the company’s researchers also work against this version due to implementation weaknesses.
In a LoRaWAN architecture, end devices communicate with applications via gateways and network servers. Devices exchange messages with gateways via LoRa and LoRaWAN, and the gateways communicate with the network server via TCP and UDP. The network servers route traffic from end devices to applications and they are also responsible for authentication and authorization.
LoRaWAN uses netwo ..