Robert Miller, Security Consultant
3 mins read
LoRa and its primary protocol LoRaWAN, are capable of filling this gap in the wireless communications market. Transmitting over many kilometers (depending on environment) and powered by a battery that can last for years. With such promises, several sectors are now picking up this technology to take advantage of these features.
Smart cities are one such field. The goal of a smart city is to use metrics taken from across the city to reduce waste and increase efficiency. The city of Santander is a test bed for a range of smart city technology. One such example is that it measures current levels in dumpsters to decide which need to be collected and produce the most efficient routes to take for the day. It seems minor, but through dozens of such schemes the city claims to have reduced energy usage by as much as 25%.
Obviously, we don't. But we do care about the systems gathering this information, and we certainly care when these same protocols start being used for more important tasks, such as controlling level crossings, or sending signals from burglar alarms. There is a risk with any technology or protocol of scope creep. Where at the beginning we did not care about security due to the context, because of its success and relative maturity it creeps into new sectors without review.
LoRaWAN has been designed with several very effective security features, but simply stating that a technology "uses AES-128 encryption" does not mean that solutions using this technology are therefore secure. So how can we build systems that are provably secure against cyber-attack?
To address this, F-Secure Consulting released guidance on LoRa, which was published during Syscan 360 in Singapore.
The presentation at Syscan360 covered off the following questions: