PRESS

Hackaday – We saw a lot of articles this week on a LoRaWAN security vulnerability. The popular IoT network protocol has been billed as “secure by default”, but a white paper released by cybersecurity firm IOActive found a host of potential attack vectors. Their main beef seems to be that client devices which are physically accessible can be reverse engineered to reveal their encryption keys.

Hackernoon – IOActive released a vulnerability report for LoRaWAN.  It has been scooped by many of the usual suspects (ThreatPost, EEWeb).  I don’t think these articles really give an idea about what the vulnerability is, exactly, or what can be done.  The report is very readable, and you should read it if you’re an engineer, but if you don’t know where to start with this security stuff, I’ll try to summarize here.

SecurityWeek – Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday. LoRaWAN, which stands for long-range wide area networking, is a media access control (MAC) protocol that uses LoRa technology to allow low-power devices to wirelessly communicate with internet-connected applications over long distances.

Stacey on IoT Podcast – Privacy was a big theme beginning with our conversation about Ring’s sharing of certain user data with third-party tracking sites, a plea from 40 organizations for the U.S. to stop using facial recognition technology, and a new way to think about smart cities. Kevin and I also discussed proposed device security rules for the U.K. and security challenges associated with LoRaWAN networks.

Dark Reading – The fast-emerging long-range wide area networking (LoRaWAN) protocol — designed to wirelessly connect low-power, battery-operated “things” to the Internet — is dangerously vulnerable to widespread attacks and compromise, security firm IOActive said in a report Tuesday. According to the vendor, its research shows that the encryption keys used for securing communications between devices, gateways, and network servers in LoRaWAN environments are weakly protected and easily obtainable.