Exploiting LoRaWAN downlinks for covert device-to-device communication / Spadaccino, Pietro; Locatelli, Pierluigi; Cuomo, Francesca. - (2025), pp. 1-6. (23rd Mediterranean Communication and Computer Networking Conference, MedComNet 2025, Cagliari) [10.1109/medcomnet65822.2025.11103548].
Exploiting LoRaWAN downlinks for covert device-to-device communication
Spadaccino, Pietro; Locatelli, Pierluigi; Cuomo, Francesca
2025
Abstract
LoRaWAN has become the de-facto standard for low-power, low-data-rate, and long-range IoT communications. Over the years, its security mechanisms have undergone rigorous analysis by both academia and industry, leading to mitigations of known vulnerabilities. While the latest LoRaWAN specifications are considered secure, potential attack vectors still exist. In this paper, we consider a scenario where two devices from different networks covertly exchange data without passing through the Network Server. Such communication may be used to signal specific events to an attacker or silently exfiltrate information. We identify a new vulnerability that, if exploited, enables a side-channel covert communication scheme allowing device-to-device data exchange through partial control of the downlink. The communication scheme leverages MAC commands and Spreading Factor selection, allowing a third-party receiver to intercept and decode information despite lacking cryptographic keys. We evaluate the achievable throughput of this scheme and demonstrate that it is comparable to typical LoRaWAN device operations.

| File | Size | Format | |
|---|---|---|---|
| Spadaccino_Exploiting-LoRaWAN-downlinks_2025.pdf (archive managers only). Type: Publisher's version (published version with the publisher's layout). License: All rights reserved | 660.21 kB | Adobe PDF | Contact the author |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


