Welcome back, my aspiring IoT hackers!
The Internet of Things, or IoT, continues to grow dramatically, with nearly every object becoming digitized. In most cases, developers have not invested enough care and time in securing these devices, making them particularly vulnerable to attack and compromise.

LoRa (Long Range) is an open standard wireless communication technology used for low-power, long-distance data transmission, especially in Internet of Things (IoT) applications. It operates in the unlicensed sub-GHz frequency bands using a modulation technique called Chirp Spread Spectrum (CSS), enabling reliable connectivity for sensors and actuators over many kilometers or miles with minimal energy consumption. This is a key feature of LoRa: low energy consumption over long distances. In addition, LoRa is the protocol of choice in Meshtastic networks due to its ability to transmit over long distances and its low power consumption.
Compared to Wi-Fi, BLE, and cellular, LoRaWAN is very low-power and low-bandwidth, but it can cover a much larger territory than any of those communication protocols. The other protocols operate at higher frequencies and are thereby more easily blocked by objects.

Let’s take a look at how LoRa works.
How LoRa Works
LoRa is the physical-layer modulation technique that, when combined with the LoRaWAN protocol, forms a complete networking protocol stack for wide-area IoT deployments. This stack is often used for city-wide applications such as electric, water, and gas meter reading and, more recently, in Meshtastic networks. For more on Meshtastic networks, check out our series that begins here.

LoRa supports long range (up to 15 km or 9 miles in rural areas or 5 km in urban areas) and ultra-low power consumption, making it ideal for battery-powered devices communicating intermittently for years. These devices can often operate for years on a coin-sized battery typically found in watches.
LoRa uses the ISM bands (e.g., 433 MHz, 868 MHz, 915 MHz) and is relatively robust against interference and multi-path fading.
Key Features of LoRa
Long Range
Can cover several kilometers, much farther than Wi-Fi or Bluetooth (limited to 100 m).
Low Data Rate
Designed for small data payloads (e.g., sensor readings, GPS pings) rather than high-bandwidth streaming.
Relatively Secure
Features end-to-end encryption (AES-128) for data confidentiality and integrity.
Scalable
Supports thousands of devices per gateway, making it suitable for large deployments.
LoRa & LoRaWAN Vulnerabilities
Like all communication protocols, LoRa is vulnerable to a wide variety of attacks. It’s important to examine these before implementing any LoRa/LoRaWAN-based network.
LoRa and LoRaWAN are vulnerable to the following attacks:
1. Eavesdropping and Data Interception
Unencrypted LoRa transmissions can be captured by any capable receiver within range; encryption is handled by LoRaWAN, but configuration mistakes or legacy implementations (LoRaWAN 1.0) may leave data unprotected.
2. Replay Attacks
Attackers can intercept and replay LoRaWAN packets, potentially causing devices or gateways to process duplicate or malicious commands, especially in networks using Activation By Personalisation (ABP) and older LoRaWAN versions with weak frame counters.
3. Jamming and Denial of Service (DoS)
The physical layer is susceptible to RF jamming, where an attacker overwhelms the frequency with noise, disrupting communication (DoS attack). Remember, LoRa is very low power, and a more powerful transmitter on the same frequency can overwhelm a LoRa node.
4. Bit-Flipping/Packet Tampering
LoRaWAN 1.0.x networks may allow an attacker to flip bits in certain packets after network decryption but before application layer re-encryption, changing commands or data content without detection.
5. Key Management Weaknesses
Poor key management in devices or backend infrastructure (e.g., weak, reused, or hardcoded keys) opens the door for attackers to derive encryption keys, decrypt data, or impersonate devices.
6. Malicious Node/Device Attack
A compromised device or gateway can spread malicious messages or disrupt the entire network. Physical and firmware-level vulnerabilities (e.g., UART, JTAG access) can allow key extraction or full device takeover.
7. Lack of Mutual Authentication
Early LoRaWAN versions lacked strong mutual authentication, exposing them to device impersonation, rogue gateway attacks, and unauthorized data injection. This makes it particularly important to use the most up-to-date versions of LoRa and LoRaWAN when implementing networks.
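The frame-counter check behind item 2, as an added example that is not part of the original article: a network server rebuilds the 32-bit uplink counter from the 16-bit value sent on air and rejects any frame that does not move the counter forward within MAX_FCNT_GAP (16384 in LoRaWAN 1.0.x). The `Session` type, the `strict` switch and the sample counter values are constructed for illustration.

```python
from dataclasses import dataclass

MAX_FCNT_GAP = 16384  # gap limit defined by LoRaWAN 1.0.x

@dataclass
class Session:
    """Per-device uplink state kept by the network server (hypothetical type)."""
    last_fcnt: int = -1   # last accepted 32-bit FCntUp; -1 means nothing seen yet
    strict: bool = True   # False models a "frame counter checks disabled" setting

def rebuild_fcnt(last: int, wire: int) -> int:
    """Extend the 16-bit on-air FCnt to 32 bits, assuming the counter only moves forward."""
    if last < 0:
        return wire                      # first frame of the session (assumed trusted)
    candidate = (last & ~0xFFFF) | wire
    if candidate <= last:                # low 16 bits wrapped, or the frame is old
        candidate += 0x10000
    return candidate

def check_uplink(session: Session, wire_fcnt: int) -> str:
    wire = wire_fcnt & 0xFFFF
    if not session.strict:
        session.last_fcnt = wire         # no validation: captured frames pass too
        return "accepted-unchecked"
    fcnt = rebuild_fcnt(session.last_fcnt, wire)
    if session.last_fcnt >= 0 and fcnt - session.last_fcnt > MAX_FCNT_GAP:
        return "rejected"                # replayed frame, or a device that reset its counter
    session.last_fcnt = fcnt
    return "accepted"

def run(frames, strict=True):
    """Feed a list of on-air FCnt values through one session and collect the verdicts."""
    session = Session(strict=strict)
    return [check_uplink(session, f) for f in frames]

# Constructed on-air FCnt values: normal traffic, a replay of frame 65534,
# a legitimate 16-bit rollover, then a counter restarting at 0
# (an ABP device rebooting looks exactly like a replay of frame 0).
SAMPLE = [65533, 65534, 65534, 65535, 0, 1, 0]

if __name__ == "__main__":
    for mode in (True, False):
        print("strict " if mode else "relaxed", run(SAMPLE, strict=mode))
```

With `strict=False` every frame in the sample is accepted, including the replay. With checks on, an ABP device whose counter restarts cannot be told apart from a replay and is rejected until its session is re-provisioned.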
Summary
LoRa is a vital long-range IoT technology, but both LoRa and LoRaWAN have documented vulnerabilities—such as eavesdropping, replay, jamming, weak key management, and packet tampering—that require robust cryptographic deployment, careful device management, and ongoing security hardening to defend against modern advanced attackers.
Source: HackersArise
Source Link: https://hackers-arise.com/iot-hacking-getting-started-with-lora-and-its-vulnerabilities/