Trend Micro Finds LoRaWAN Security Lacking, Develops LoRaPWN Python Utility

Active analysis with the LoRaPWN utility showed a range of issues, "particularly dangerous [for] major infrastructure projects."

Security researchers at Trend Micro have turned their attention to devices operating on the LoRaWAN protocol, publishing their results along with a software-defined radio (SDR) tool dubbed LoRaPWN designed to simplify the decoding of LoRaWAN packets.

Built atop the LoRa long-range low-power radio network standard, LoRaWAN is an increasingly popular communication system for distributed sensor networks and other Internet of Things applications. Its increasing popularity, however, comes with a downside: As its use grows, so too does its interest to ne'er-do-wells looking to break through its security.

"As it stands, these [LoRaWAN] devices do not have comprehensive security structures protecting them or the data they pass along. And unfortunately, LoRaWAN devices have been hacking targets for some time," Trend Micro's Sébastien Dudek explains. "Because businesses and local governments rely on this technology, a serious security risk can affect the bottom line of businesses or even the safety of citizens in a smart city."

As part of its analysis of LoRaWAN devices, Trend Micro has created a tool dubbed LoRaPWN. Written in Python and designed for use with any GNU Radio-compliant software-defined radio (SDR) device, the tool offers the ability to parse and generate uplink and downlink packets compliant with the LoRa PHY, LoRaWAN 1.0, and LoRaWAN 1.1 specifications, brute-force the Over-The-Air Authentication (OTAA) procedure, decrypt and encrypt join-accept payloads, decrypt FRMPayload fields, capture packets, and more.
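To show what parsing an uplink or downlink packet involves, here is an added example (not code from LoRaPWN, LoRa Craft, or Trend Micro) that splits a LoRaWAN 1.0.x PHYPayload into its header fields and rejects frames whose declared lengths do not fit. The function name and both sample frames are constructed for illustration, and FRMPayload is left encrypted.

```python
import struct

MTYPES = ["Join Request", "Join Accept", "Unconfirmed Data Up", "Unconfirmed Data Down",
          "Confirmed Data Up", "Confirmed Data Down", "RFU / Rejoin Request (1.1)", "Proprietary"]

def parse_phypayload(frame: bytes) -> dict:
    """Split a LoRaWAN 1.0.x PHYPayload into fields; raise ValueError on bad lengths."""
    if len(frame) < 5:  # MHDR (1 byte) + MIC (4 bytes) is the minimum
        raise ValueError("frame shorter than MHDR + MIC")
    mhdr, body, mic = frame[0], frame[1:-4], frame[-4:]
    mtype = mhdr >> 5  # top three bits of MHDR
    out = {"mtype": MTYPES[mtype], "major": mhdr & 0x03, "mic": mic.hex()}
    if mtype == 0:  # Join Request: AppEUI | DevEUI | DevNonce, all little-endian
        if len(body) != 18:
            raise ValueError("join request body must be 18 bytes")
        out["app_eui"] = body[0:8][::-1].hex()
        out["dev_eui"] = body[8:16][::-1].hex()
        out["dev_nonce"] = struct.unpack("<H", body[16:18])[0]
    elif mtype == 1:  # Join Accept is encrypted on the air; keep it opaque
        out["encrypted"] = body.hex()
    elif 2 <= mtype <= 5:  # data frames: FHDR | FPort | FRMPayload
        if len(body) < 7:
            raise ValueError("data frame shorter than FHDR")
        dev_addr, fctrl, fcnt = struct.unpack("<IBH", body[:7])
        fopts_len = fctrl & 0x0F  # attacker-controlled length: check before slicing
        if 7 + fopts_len > len(body):
            raise ValueError("FOptsLen runs past end of frame")
        rest = body[7 + fopts_len:]
        out.update(dev_addr=f"{dev_addr:08x}", fcnt=fcnt,
                   adr=bool(fctrl & 0x80), ack=bool(fctrl & 0x20),
                   fopts=body[7:7 + fopts_len].hex(),
                   fport=rest[0] if rest else None, frm_payload=rest[1:].hex())
    else:
        out["raw"] = body.hex()
    return out

# Constructed sample frames (not captured traffic)
DATA_UP = bytes.fromhex("40DA1B01268005000ADEADBEEF11223344")
JOIN_REQ = bytes.fromhex("00" "0807060504030201" "1817161514131211" "3412" "AABBCCDD")

if __name__ == "__main__":
    print(parse_phypayload(DATA_UP))
    print(parse_phypayload(JOIN_REQ))
```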

The company first demonstrated the LoRaPWN tool at The Things Conference earlier this month. (📹: The Things Network/Trend Micro)

During its analysis, Trend Micro found a range of issues with LoRaWAN: "The LoRaWAN communication environment," Dudek concludes, "is subject to bugs and vulnerabilities (memory corruptions, generally). The results of our investigation revealed that these types of vulnerabilities put data at risk, allow for unreliable reporting, expose companies to denial-of-service attacks, and enable arbitrary code injection."

"This is particularly dangerous when it comes to devices monitoring major infrastructure projects or utilities in smart cities. Although the end devices may be low-powered and small, they continue to open up avenues of risk to organizations using them."

Trend Micro has not made LoRaPWN public, but LoRa Craft, the project on which it is based, is available on GitHub. Dudek's write-up, meanwhile, can be found on the Trend Micro website, along with a link to a more detailed white paper.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: freelance@halfacree.co.uk.