LoRa: the securable long range low powered wide area network technology

Robert Miller, Security Consultant
March, 2016
3 mins read

If we want range, then there are already long-range radio protocols, but these draw a lot of power so are not suitable for smaller, remote devices. We also have low power solutions like ZigBee or BTLE, but these are limited in range to tens of meters. Many markets now require a long-range solution that only sends occasional, small amounts of data and could run off a battery for years.

LoRa and its primary protocol LoRaWAN, are capable of filling this gap in the wireless communications market. Transmitting over many kilometers (depending on environment) and powered by a battery that can last for years. With such promises, several sectors are now picking up this technology to take advantage of these features.


Smart cities are one such field. The goal of a smart city is to use metrics taken from across the city to reduce waste and increase efficiency. The city of Santander is a test bed for a range of smart city technology. One such example is that it measures current levels in dumpsters to decide which need to be collected and produce the most efficient routes to take for the day. It seems minor, but through dozens of such schemes the city claims to have reduced energy usage by as much as 25%.


Security in such scenarios can seem a little silly. Why do we care if someone can read how much trash is in a dumpster?

Obviously, we don't. But we do care about the systems gathering this information, and we certainly care when these same protocols start being used for more important tasks, such as controlling level crossings, or sending signals from burglar alarms. There is a risk with any technology or protocol of scope creep. Where at the beginning we did not care about security due to the context, because of its success and relative maturity it creeps into new sectors without review.


LoRaWAN has been designed with several very effective security features, but simply stating that a technology "uses AES-128 encryption" does not mean that solutions using this technology are therefore secure. So how can we build systems that are provably secure against cyber-attack?


To address this, F-Secure Consulting released guidance on LoRa, which was published during Syscan 360 in Singapore.


The presentation at Syscan360 covered off the following questions:

  1. How does LoRaWAN security actually work?
  2. How can we design systems that use LoRa safely?
  3. How can we test a LoRa solution to show that it is secure or insecure?
  4. How can we produce proof of concept attacks against these solutions to help demonstrate the need for change?
Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs