Sigfox doesn't do IP and is therefore secure, says UK IoT network operator UK-based Sigfox network operator WND-UK has opened up a little on why it thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards. Managing director Neil Forse – who rather grandly announced earlier this year that WND would put more Sigfox connectivity around the …
Cue the argument of "security through obscurity" . . .
That said, it seems to me that SigFox's security is mainly based on firewalls and VPNs. It's all very nice to say that you don't use IP, if you use VPNs, you're still riding the same bus for part of the trip.
There are two things in this article that bug me. One is this invitation to hackers on the subject of IoT (lack of) security. Asking for trouble, in my opinion. The other, more serious, is what is going to be the impact of this so-called non-IP proprietary protocol on the regular IP traffic that is happening alongside ? Is there going to be interference, or worse, outright clashing ? I hope that these things have been considered with great attention.
And if they have, then the argument about not using IP is even weaker.
On the other hand, anything that improves IoT security is welcome in my book : it'll shave off that many more botnets that trouble the world.
Doesn't mean I'll buy any of that shite though.
You don't know that the argument of 'security thru obscurity' is the case.
While this may be true, it may also not be true too. There are other protocols which may be in use that also encrypts the data and relies on some form of hardware identification.
Since they claim its proprietary we don't know for sure.
Having said that... more than likely they cobbled something together that's utter garbage. But there's still the chance they got someone who's from the MOD/DOD/Darpa world and knows a thing or two, now isn't there?
"...You don't know that the argument of 'security thru obscurity' is the case. While this may be true, it may also not be true too... ...Since they claim its proprietary we don't know for sure..."
By the very fact we can't know, that is obscurity, so in this case proprietary = obscurity. It would be better if they said "we use a peer-reviewed encryption protocol based on well-vetted libraries".
"...Having said that... more than likely they cobbled something together that's utter garbage..."
I think you'll find that like the LoRa stuff we've seen at Blackhat and Defcon, there's already enough interest out there in hacker space, that someone has read this PR blurb and said "Challenge Accepted!" which will be followed shortly by a new talk and the stunning realization that the encryption was baked into hardware and can't be changed easily.
thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards
What he means is because you can't (legitimately) operate your own base stations you're safe (?) in the SigFox walled garden until someone works out how to spoof a base station or hacks you directly over RF (exactly the same model as cellphone networks with a 2G dumbphone).
With LoRa(WAN) you run your own base stations and (typically) use the internet as a backbone. How secure the station is from inbound IP hackery is up to you, just like any other internet facing appliance/server. Base stations are typically Raspberry Pi class Linux SBCs under the hood so they are perfectly capable of running TLS, VPNs, Firewalls etc. If you don't, that's on you.
In both cases over the air firmware bug fixing for remote nodes is problematic, but LoRaWAN does at least support it (by dynamically switching a device to class B operation at the cost of power consumption) whereas SigFox has a hard limit of <1.6kb of downstream bandwidth per day which means it would take weeks to get an update through even with no packet loss.
For example you have sensor networks which collect, essentially public information like temperatures or water levels of a river, or if a lamp is broken. It doesn't matter if someone listens into them, it does matter if someone can spoof those messages.
Now with such "fire and forget" networks, and there are many of them, you essentially have unidirectional data traffic. There is no need for an underlying bi-directional connection as there is no need to have acknowledgements. Having no input is a good way to keep malevolent input from compromising your device.
The security problem obviously lies in the actual network infrastructure. The sane solution would be for the base stations to e-mail the messages to the owner of the IoT device. If done well, they'd be encrypted and or signed via PGP/GPG and arrive at a server which checks the signature and processes them further...
...judging by the current experience level of many IoT people, they probably use some bloated cloud system with huge attack surfaces consisting of hundreds of web services, each done more incompetently than the previous one.
" "Sigfox-enabled devices have a built-in behaviour; when this requires data to be transmitted or received, a device will communicate via a radio message. Each message is picked up by several access stations and is delivered to the Sigfox cloud network over a secure VPN, which then relays it to a predefined destination, typically an IoT application. Because Sigfox devices don't have IP addresses, they are not addressable for rogue hackers to gain access.""
This is nonsense on many levels.
1) The Cloud uses IP and I doubt is secure.
2) None of my 433MHz RF devices, 864MHz devices, IR Remotes use IP and are not secure.
3) Native GSM isn't secure and doesn't use IP. they are using out of date broken encryption
4) 3G could be secure, but they don't bother, they are using out of date broken encryption. Internet traffic (IP) is a layer on top.
The voice, 3G video and SMS isn't currently secure. Many embedded devices use non-IP 245Kbps 3G modes or even 14.4K GSM modem modes.
Not using IP doesn't make anything secure. VPNs only protect the link, not endpoints or apps.
Oyster cards and other NFC "wireless devices" don't use IP and are not secure. Contactless payment cards and RFID price tags are not secure (tech designed to replace barcodes in warehouses, so security wasn't in the design, added later).
Barcodes and QR codes are not secure and don't use IP. Such fun to be had printing your own QR stickers for the shops ...
It depends on what you mean by "secure". Yes I can sniff and spoof your IR remote, but I'll never get it to DDOS something without touching it.
Security depends on threat models. Railway systems, for example, don't need confidentiality. Some signals may even be spoofed without affecting safety. (For example a Stop signal)
Security is not a box-ticking exercise. It's about finding the threats and finding ways to counter them.
Using a laser or high power LED array you only need LOS.
Many devices have service modes (esp later model CRTS). You can prevent the gear working or change player region. Set evil LNB parameters etc on satellite receiver.
It's DOS, not DDOS. Sometimes there is default PIN that's not been changed.
Anyway the point is that Sigfox has given no reassuring tech info, it's a buzz word laden PR.
The satellite receiver is the receiver here. Obviously, as mentioned, you can spoof the remote and control the device, but not the remote. Again, this is a question of the threat model.
BTW since satellite television uses the same model of "send and forget", even if you have total control over the receiver, you still couldn't use that to attack the satellite or uplink station. (And yes, you can just use your own equipment to send up some noise on the uplink frequency of the satellite)
Well, with a maximum packet payload size of 12 bytes, the limitiation of number of packets per day you can broadcast and the fact that you can program a node to be 'transmit only' , it's gonna be bloody hard to hack into the sensor ...
The node will not receive them at all as the RX-radio is turned off. Even if a sloppy programmer leaves the RX on : if a packet comes in .. it will go in the hardware buffer simply be overwritten on next packet.
If you don't attach a receive handler then no code will ever read it. ( it's a hardware circular buffer, it simply rolls over when full )
These networks are designed to send data from far flung locations. One way , fire and forget. Think of it as UDP over airwaves. 'best effort'
Well Sigfox: Let's think about this a bit critically (like the marketing and legal department should have). 1) If the argument is that the RF portion of the wireless spectrum is un-hackable, they will be found wanting. You can't attribute the source of a wireless signal, UNLESS you require multiple receivers to do spacial signal rejection (think the equivalent of phased array microphones to localize a "speaker"), then you put some signature on the emitted signal that is cryptographically unspoofable. The first half of that is extremely hard to do in a commercial setting, the second not so much. However, the other thing going against Sigfox and LoRa is the extremely low bandwidth. There isn't a lot of space to pad a transmission with extra encryption, so they aren't likely to use something hard to break or copy. And without being able to reject interference, the RF link could just be DoS'd - there that's one of the hacker attacks. 2) If the argument is that the Sifox to IP bridge is un-hackable, then they just haven't thought it through enough to know better (I'm pretty certain they didn't build their own servers from scratch and write every line of code in their system - see Equifax for what comes of that naivete). 3) Last, if the argument is that a Sigfox enable IoT device is un-hackable - that's too forward looking a statement to be meaningful. Give a hacker a day with an IoT power meter and they will in all likelihood own the micro-processor - or take a hammer to it, again permanent DoS. For something like a liquid level sensor or other physical process sensor - one doesn't even need to attack the link, they attack the sensor or its connection. It's all about the path of least resistance to accomplish the attack against the target.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
