Exploiting Physical Layer Vulnerabilities in LoRaWAN-based IoT Networks

Low Power Wide Area Networks (LPWAN) are used worldwide in several Internet of Things (IoT) applications that rely on large-scale deployments. Despite most of these networks include their own security mechanisms with built-in encryption, they are still vulnerable to a range of attacks that can be performed using low-cost Software Defined Radio (SDR) hardware and low-complexity techniques. This work provides an experimental setup implemented to exploit physical layer vulnerabilities with SDR techniques. Several attack vectors typically related to LPWAN within the IoT ecosystem are implemented and tested such as Global Positioning (GPS) Spoofing, Replay Attacks, Denial-of-Service (DoS) and Jamming, in environments that rely specifically on LoRaWAN networks. The results show that, in LoRAWAN networks, a set of vulnerabilities can be exploited leading to the incorrect functioning of the executed applications, and possible damage to the systems in which they operate. It was possible to verify that, depending on the type of activation method used between the devices and the LoRaWAN server, the communications and the devices can be compromised.