Research on Hacking Technique of LoRaWAN Smart Devices: Discover Surprising Facts

Recently IOTActive releases a new research paper on various hacking techniques and reasons of LoRaWan (The long-range wide-area networking) protocol. Various cyber security issues have been found which could put network users at risk regarding data loss and cyber-attack. 
The research was named as LoRaWAN Networks Vulnerable To Hacking: Common Cyber Security Problems, How To Detect And Prevent Them’. It shows widespread disruption of the data communication may risk our life to some extreme cases. 

The main motto behind the study was to identify the root keys that are used for deciphering communications between connected devices. Most of the devices and gateways are poorly protected, and the data is easily obtainable through various methods. Malicious hackers have already developed high-class methods to hack super protected data; for them, those were easy to recover with minimum setup. 

One of the biggest benefits of LoRaWAN Networks is its long-range capability. A single gateway of this network can cover a mid-sized city (hundreds of square miles) though it is related to the number of obstructions and other parameters of the particular environment. Moreover, it is considered as one of the most low-cost technology in contrast to the licensed spectrum solutions, as it doesn’t require a licensed spectrum to transmit messages. However, the research also shows, implementation issues and weaknesses make the network prone to attack. 

The paper discovered so many uncomfortable truths about the current data security infrastructure; there is no practical solution for an organization to spot whether their LoRaWAN network has been hacked or yet to be attacked. To monitor their users’ current security situation, IOTActive released a LoRaWAN Auditing Framework. It allows users to inspect their present security environment which can reduce the impact of an attack; it can also show how vulnerable your network is to an upcoming attack.
LoRaWAN is one of the fastest-growing, most deployed networks. This protocol perfect fits to a lot of sectors like: 

• Smart City (i.e., parking, lighting, traffic management, weather monitoring, metering)
• Industry (i.e., climate control, asset tracking) 
• Security (i.e., gunshot detection, flood monitoring, panic switches) 
• Smart Home (i.e., alarms systems, home automation) 
• Smart Farming 
• Smart Hospitality 

In France, the LoRaWAN smart water meters are being massively deployed; within a couple of years, it reaches three million users. In Brazil, their target audience is more than two million, also in South Korea, they are going to offer their network at a low price point. 
ImmuneWeb, The Swiss Web Security Firm, has also conducted similar research, which shows all the major airports around the world don’t have the necessary security infrastructure to protect their website from hackers. The situation is the same with their mobile applications and public clouds. This research also highlights some exceptions: Helsinki-Vantaa Airport, Amsterdam Airport Schiphol and Dublin Airport have an extraordinary security system to protect their network from any type of major attack. They have successfully passed the security test conducted by the ImmuneWeb. 

The research also highlights some methods of network improvement; these are: 

• Including an extra sever to the existing LoRaWAN infrastructure: the concept of joined server so that the network server eliminates the handling of AppSKey. 
• Instead of one, using two root keys: NwkKey 
• Using five-session keys instead of two
• Implementing two independent counters for an extra security layer to the network 

Despite implementing the above infrastructure still, there are some issues within the LoRaWAN impletions which were being studied and highlighted in this paper. The entire team is now working on making their network more secure to overcome the problems, which is why they have come up with the idea of auditing insecure networks and detecting cyber-attacks.