MWR InfoSecurity issues practical advice on building a secure LoRa solution

Speaking at The Symposium on Security for Asia Network (SyScan) in Singapore, Rob Miller, senior security consultant at MWR InfoSecurity, has detailed how to build LoRa systems that are provably secure against cyber-attack.

Despite LoRa being relatively new standard, its low-power, long-range credentials make it a candidate for a number of cutting edge-applications, meaning adoption is now accelerating at a significant pace. With industries now trying to take advantage of this emerging protocol, MWR noticed a lack of practical LoRa security guidance available and sought to close the gap.

Explaining the use case for LoRa, Miller said, “Long range radio protocols, like GSM and WiFI, draw a lot of power making them unsuitable for smaller or remote devices, while In contrast low power solutions, like ZigBee or BTLE, are limited in range to tens of meters.

So, there is a need for a long range solution that only sends occasional, small amounts of data that could run off a battery for years. LoRa, and its primary protocol LoRaWAN, addresses this gap in the market. It is intended for systems that require the ability to send and receive low amounts of data over a wide range without high power costs.”

Rob Miller, senior security consultant at MWR InfoSecurity
Rob Miller, senior security consultant at MWR InfoSecurity

In conducting the research, Miller noted that while several effective security features are designed into LoRa, companies should not consider the protocol secure out of the box. “Simply stating that a technology ‘uses AES-128 encryption’ does not mean that solutions using this technology are therefore secure.

It should be clear to all developers of LoRa solutions that using LoRa does not guarantee security. Instead they should build LoRa solutions with the potential attacks in mind.

“Given that LoRa will form part of a complex IT solution means that security vulnerabilities are a likely occurrence during development. Similarly given that LoRa solutions are being used in systems ranging in use from home security through to monitoring and controller infrastructure, attacks and development of exploits against these systems are also likely,” he added.

Miller concluded that, “Secure systems can be developed by understanding LoRa’s security features, as long as developers accept that they are not a silver bullet for security. A secure solution can be developed by considering cyber-security at every stage. Knowing the different ways that a LPWAN solution can be attacked allows a system to be developed built to defend, detect and respond to cyber-attacks.”

An MWR Labs whitepaper with guidance on securing this protocol is available here:

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Fuzzy Logic raises €2.5mn to put robots in the hands of operators

Posted on: September 21, 2021

The Franco-American start-up Fuzzy Logic announces a €2.5 million seed round of financing from two European DeepTech funds: 42CAP, an industry-specialised German fund based in Munich, and Karista (via the Paris Region Venture Fund), an early-stage VC firm based in Paris.

Read more

US businesses show IoT investment resilience, despite pandemic

Posted on: September 20, 2021

Despite the adversity caused by the COVID-19 pandemic, grounds for optimism remain for IoT spending in the US.

Read more