Researchers from a security consultancy firm, IOActive, have released a new research paper titled ‘LoRaWAN networks susceptible to hacking: Common cybersecurity problems, how to detect and prevent them’. The researchers found that the LoRaWAN protocol used across the globe to transmit data to and from IoT devices in smart cities, industrial IoT, smart homes, smart utilities, vehicle tracking, and healthcare has a host of cybersecurity issues that could put network users at risk of attack. Such attacks could cause widespread disruption or in extreme cases even put lives at risk.
During the study, researchers found that the root keys used for encrypting communications between smart devices, gateways, and network servers are poorly protected and easily obtainable through different methods by malicious hackers who may use these keys to send false data and conduct denial of service attacks. Many enterprises today are used to having multiple tools that monitor every inch of their IT infrastructure but LoRaWAN is a real blind spot. The paper found that there is no solution for an organization to identify whether a LoRaWAN network is being or has been attacked or if an encryption key has already been compromised.
To deal with the problem, IOActive has released a LoRaWAN Auditing Framework to let users audit and pentest the security of their infrastructure, thereby reducing the impact of an attack and ensuring that the LoRaWAN networks are deployed securely. It is definitely a good start for companies looking to build network security from the ground up and reduce the impact of potential attacks on their networks.
Moreover, awareness among the companies and continuous monitoring is vital. Organizations need to make sure that their keys are as secure as possible. This can be done by checking all the device's encrypted keys that have to be unique and putting measures in place to identify any suspicious activity.