LoRaWAN poor security in Software.
LoRaWAN uses poor software implementation of AES-ECB. It was never designed to be really secure. The people whom designed the security purchased Atmel for the 508a $15 & ATAES132a @ $0.50 each. If you move the silly security in software to the ATAES132a then you can stop most of the cloning.
With LoRaWAN they say to protect against cloning every device has its unique AES-ECB key stored in a database. Very silly as databases are hacked every second. You never store AES in databases even if encrypted. Very silly idea. Arm new owner says 1 TRILLION IoT devices, LoRaWAN does not scale at all, due to poor design.
One issue for security requirements that has not been looked at is the lack of security on the I/O. No sensors or actuators can stop data injection with LoRaWAN. So krap in krap out looks to be the normal for LoRaWAN. Very silly design team, Microchip, did this part, fools. This is so they can spy on folk.
Mark Edgar me@hakme.uk i am not a "Anonymous Coward" you twits, we hate signing into sites like yours thats all.
Biting the hand that feeds IT
