Security researchers are warning that the technology underpinning many smart city deployments is susceptible to a range of cyber-attacks, enabling hackers to sabotage infrastructure in potentially life-threatening raids.
IOActive’s latest research paper covers LoRaWAN, or the Long-Range Wide Area Network protocol which many low-powered IoT devices use to connect to the internet in scenarios such as smart cities, industrial IoT, smart homes, utilities, vehicle tracking and healthcare.
It claimed that the root keys used to encrypt communications between smart devices, gateways and network servers are poorly protected.
Hackers could extract keys by reverse engineering device firmware, grab hard-coded keys that ship with some open source LoRaWAN libraries, compromise vulnerable LoRaWAN network servers, or even guess the keys in some circumstances, the report claimed.
Once encryption keys are in their possession, the black hats could launch denial of service attacks, or replace legitimate with false comms data. This could cause connected infrastructure to break or even explode, putting lives at risk, IOActive claimed.
“Organizations are blindly trusting LoRaWAN because it’s encrypted, but that encryption can be easily bypassed if hackers can get their hands on the keys — which our research shows they can do in several ways, with relative ease, ” explained Cesar Cerrudo, IOActive CTO.
“Once hackers have access, there are many things they could potentially do – they could prevent utilities firms from taking smart meter readings, stop logistics companies from tracking vehicles, or prohibit hospitals from receiving readings from smart equipment. In extreme cases, a compromised network could be fed false device readings to cover up physical attacks against infrastructure, like a gas pipeline. Or to prompt industrial equipment containing volatile substances to overcorrect; causing it to break, combust or even explode.”
Worse still, the researchers claimed that there’s no way an organization could find out if its LoRaWAN network is being attacked or if encryption keys have been compromised.
That’s why IOActive has released a LoRaWAN Auditing Framework to help these firms pen test their deployments.