Security Issues in Internet of Things: Vulnerability Analysis of LoRaWAN, Sigfox and NB-IoT

Abstract

One of the key enablers of an increased Internet of Things (IoT) roll-out is Low-Power Wide Area Network (LP-WAN) - a family of technologies tailored for resilient and energy-efficient communication of thousands of devices over large distances (even up to 100km). Under the pressure from both the business and the society to provide ubiquitous connectivity as soon as possible, new IoT deployments are conducted with haste and often by inexperienced people. Consequently, the aspect of communication security traditionally remains a secondary matter, even though the potential harm of a successful hacker attack can be enormous. Therefore, this paper presents an analysis of LP-WAN vulnerabilities, as well as several Proof-of-Concept (PoC) attacks toward LoRaWAN (packet forging), Sigfox (replay with DoS) and NB-IoT (attack using malicious UE), that confirm the existence of the vulnerabilities in both the standards and off-the-shelf hardware and services.