Security News > 2020 > January > How to detect and prevent issues with vulnerable LoRaWAN networks

IOActive researchers found that the LoRaWAN protocol - which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare - has a host of cyber security issues that could put network users at risk of attack.

Trusting LoRaWAN. "Organizations are blindly trusting LoRaWAN because it's encrypted, but that encryption can be easily bypassed if hackers can get their hands on the keys - which our research shows they can do in several ways, with relative ease," explains Cesar Cerrudo, CTO at IOActive.

Worryingly, IOActive researchers found that there is currently no way for an organization to know if a LoRaWAN network is being or has been attacked, or if an encryption key has been compromised.

In response, IOActive has released a LoRaWAN Auditing Framework, which will allow users to audit and pentest the security of their infrastructure and reduce the impact of an attack and ensure that potentially vulnerable LoRaWAN networks are deployed securely.

"In any LoRaWAN network, root keys should be properly protected and vendor default keys should be replaced with random and different keys for each device. If possible, Secure Element and Hardware Security Module should be used so keys are never exposed. It's also important to constantly monitor LoRaWAN networks for detecting and preventing attacks. Finally, all LoRaWAN infrastructure needs to have security audited two or three times a year in order to identify and fix security problems," Cesar Cerrudo, CTO at IOActive, told Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/78kkcw06FRI/