Practical LoRaWAN auditing and exploitation — ZeroNights 2019

IoT deployments just keep growing, and a significant part of that growth consists of millions of LPWAN (low-power wide-area network) sensors deployed in hundreds of cities (Smart Cities) around the world, as well as in industry and homes. One of the most widely used LPWAN technologies is LoRa, for which LoRaWAN is the network standard (MAC layer). LoRaWAN is a secure protocol with built-in encryption, but implementation issues and weaknesses affect the security of most current deployments.

While there is already prior research on LoRaWAN security, most of it focuses on known protocol weaknesses and theory; none of it provides tools or examples of common security problems in real deployments.

What’s more, there are currently no guidelines or tools for testing the security of LoRaWAN networks, which means that if someone wants to audit a LoRaWAN network, she has to start from scratch. Over the last year, we have been researching LoRaWAN to identify common security problems and building tools to test LoRaWAN network security.

In this talk, we are going to describe common security problems we found in LoRaWAN deployments. We are also going to provide step-by-step guidelines on how and what to test on LoRaWAN networks, indicating what hardware and software to use. In addition, we will be releasing new tools to test the security of LoRaWAN networks. Finally, we are going to provide recommendations for secure LoRaWAN deployments.

Cesar Cerrudo

Cesar Cerrudo is Chief Technology Officer for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, Robots, Blockchain, Cryptocurrencies, and software and mobile device security. Cesar is a world-renowned cyber security researcher with more than 15 years of experience.

Esteban Martinez Fayo

Esteban Martinez Fayo is a security researcher with more than 15 years of experience; he has discovered and helped to fix multiple security vulnerabilities in key enterprise software from major vendors like Oracle, Microsoft and IBM. As part of his research, he has developed and presented novel database attack techniques at international conferences such as Black Hat, DEFCON, EkoParty, WebSec and NcN. Throughout his career, Esteban has performed dozens of penetration tests and provided security advice for companies across a variety of industries.

Matías Sequeira

Matías Sequeira started his career in the cyber security field as an information security consultant, where he worked for clients from the financial and medical software fields. Later, he started researching ransomware and defense measures against it as part of the AntiRansomware Team. Currently, his research interests focus on IoT security.