LoRaWAN for IoT: Beware Encryption Misconfigurations and Security Pitfalls

lorawan encryption security

Researchers warn users not to “blindly” trust the encryption implementations of their LoRaWAN networks.


The LoRaWAN protocol, which efficiently supports low-power wireless devices over wide area networks, has become standard in the world of the industrial internet of things (IoT). One of its benefits is its support for end-to-end encryption. However, researchers are warning that while LoRaWAN itself is perfectly secure, poor device security and user mistakes in configuration and implementation can still lead to hacks and widespread operational disruption.

LoRaWAN, or Long Range Wide Area Networking protocol, has been a boon to users and developers of IoT devices in smart cities, industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare. However, those implementing it (both equipment vendors and admins/end users) should take care to avoid certain security pitfalls and not be lulled into a false sense of security stemming from the end-to-end encryption, according to IOActive research, released Tuesday.

“The LoRaWAN protocol is advertised as having ‘built-in encryption’ making it ‘secure by default,” Cesar Cerrudo, CTO at IOActive, wrote in the report. “As a result, users are blindly trusting LoRaWAN networks and not paying attention to cybersecurity; however, implementation issues and weaknesses can make these networks easy to hack.”


In version 1.0. of the protocol, there are four key elements that shape a LoRaWAN implementation.

The LoRaWAN protocol defines two layers of security: One at the network level and another at the application level, researchers described in the report.

The network-level security ensures the authenticity of the device in the network, providing integrity between the device and the network server, they wrote. The application-layer security is responsible for confidentiality, with end-to-end encryption between the device and the application server, preventing third parties from accessing the application data being transmitted.

Each layer of protection depends on the security of two encryption keys–the Network Session Key (NwkSKey) and the Application Session Key (AppSKey), both of which are 128 bits long.

However, if people who aren’t supposed to have access to the network or devices are able to obtain the keys, they  have an open invitation to the devices and networks being protected by them, researchers noted.

Specifically, once bad actors obtain the encryption keys for a LoRaWAN network, they have a number of attack options available “to compromise the confidentiality and integrity of the data flowing to and from connected devices,” IOActive researchers wrote.

Session Keys and Functions in LoRaWAN v1.0.3

These include conducting DDoS attacks that can disrupt communications between connected devices and the network server so companies can’t receive any data.Mistakes could allow attackers to conduct DDoS attacks and send false data to networks, among other malicious activities.

Attackers also can use the keys to intercept communications and replace these with false data, such as fake sensor and meter readings. In this way, bad actors can hide malicious activity or cause industrial equipment to damage itself, which could not just cause company disruption but potentially destruction of infrastructure or facilities if this occurs at a power plant or in the location of other critical infrastructure, researchers said.

One of the biggest issues in IoT is a lack of security-by-design within the devices themselves. Similarly, insecure LoRaWAN devices could be open to reverse engineering that can “sniff” out keys; or, the source code for a device could be left publicly available from open-source repositories or vendor websites.

On the user side, administrators could forget to remove device tags with code before a device was placed in its final location; or they may not implement keys with sufficient randomness. And as always, using default or weak credentials is a prime concern.

Easy ways to securely implement LoRaWAN include replacing keys provided by vendors with random keys; using different keys for different devices; auditing the root keys used to detect weak keys; and making sure service providers follow security best practices and have a secure infrastructure, IOActive said.

IOActive also warned users, administrators and device vendors to remember their basic security-hygiene practices, since LoRaWAN networks can be penetrated by the same good, old-fashioned methods that any other network can be. These include compromising the system of the device manufacturer responsible for installing the firmware with device keys; hacking the devices or computers of technicians responsible for deploying devices where the keys might be stored; obtaining the keys from flash drives or emails of clients or device manufacturers where they were disclosed and shared; breaching a service provider who had keys stored in their backups or databases; or obtaining an AppKey in a dictionary or brute-force attack, researchers wrote.

This posting was updated at 10:15 ET on Jan. 29 to correct several misstatements. Threatpost apologizes for the errors. 

Suggested articles