LoRaWAN networks are getting popular but come with big risks

JustAnotherOldGuy writes: Security experts have published a report today warning that the new and fast-rising LoRaWAN technology is vulnerable to cyberattacks and misconfigurations, despite claims of improved security rooted in the protocol's use of two layers of encryption. LoRaWAN stands for "Long Range Wide Area Network." It is a radio-based technology that works on top of the proprietary LoRa protocol. LoRaWAN takes the LoRa protocol and allows devices spread across a large geographical area to wirelessly connect to the internet via radio waves. But broadcasting data from devices via radio waves is not a secure approach. However, the protocol's creators anticipated this issue. Since its first version, LoRaWAN has used two layers of 128-bit encryption to secure the data being broadcast from devices — with one encryption key being used to authenticate the device against the network server and the other against a company's backend application. In a 27-page report published today, security researchers from IOActive say the protocol is prone to misconfigurations and design choices that make it susceptible to hacking and cyber-attacks. The company lists several scenarios it found plausible during its analysis of this fast-rising protocol: