

# Hardware Hazards: Identifying and Defending against Attacks on LoRaWAN Devices

Technical Brief

The first part of this series<sup>1</sup> introduced weak points in LoRa and LoRaWAN technologies, as well as the scope of available security mechanisms. In the second part,<sup>2</sup> we presented effective techniques and original tools that use software-defined radio to spot attacks on these technologies in the wild.

In this last article, we will detail dangerous hardware attacks that can critically affect LoRaWAN devices. Low-powered LoRaWAN devices are most commonly used by large organizations that deploy them across wide-spread areas, or smart cities that place these devices in public locations across metropolitan zones. Hardware attacks could be real game changers if malicious actors attack the devices deployed in unsecure locations.

The following data will show that the cornerstone of LoRaWAN security resides in the use of default encryptions and the strength of encryption keys. In the sections below, we will introduce the varied hardware attacks that could compromise valuable internal data from an organization, as well as the attacks' specific mechanisms. We will also outline security procedures that could mitigate these types of attacks.

# LoRa device components

Vital components of LoRa end-devices include transceivers, microcontrollers (sometimes called MCUs), and sensors. The microcontroller communicates with the LoRa transceiver<sup>3</sup> to set the configuration and retrieve or send packets. All the code and logic reside in the external or internal flash memory of the microcontroller.





Typically, a sensor is also connected to the microcontroller. Figure 2 shows a LoRa end-device with a magnetic door sensor (boxed in purple) and the ASR6502 microcontroller (boxed in pink):



Figure 2. LoRa end-device with a magnetic door sensor

The yellow box in Figure 2 clearly shows PINs, indicating a universal asynchronous receiver-transmitter (UART) that we can interface with.

There are also other possible interfaces that can be used to gain this type of access. Among them are:

- JTAG (named after the Joint Test Action Group)
- I<sup>2</sup>C (Inter-Integrated Circuit)
- Serial Peripheral Interface (SPI)

The following sections list the different components and the possible attack vectors for each one.

#### **Components and associated attacks**

#### LoRa transceiver

In the following example, the LoRa transceiver communicates with the microcontroller through SPI.<sup>4</sup> The microcontroller uses this SPI access to provide the configuration, but also uses the SPI to get uplink packets or send downlink packets to the gateway.

Using a HydraBus<sup>5</sup> device allows us to interface with this transceiver:



Figure 3. Reading registers of a LoRa transceiver via SPI

We can then adapt and read the SPI example script for HydraBus as follows:

```
import serial
import struct
import sys
if __name__ == "__main__":
   ser = serial.Serial('/dev/ttyACM0', 115200)
   for x in range(20):
        ser.write(b"\x00")
    if b"BBI01" not in ser.read(5):
       print ("Could not get into bbIO mode")
        sys.exit("Could not get into bbIO mode")
    for x in range(95):
       ser.read(1)
    ser.write(b"\x01")
    if b"SPI1" not in ser.read(4):
        print ("Cannot set SPI mode")
        sys.exit("Cannot set SPI mode")
    addr = 0
   buff=b''
   size = 1
   print ("Reading data")
    while (addr < 4096*size):</pre>
       ser.write(b"\x04\x00\x04\x10\x00")
       ser.write(b"\x03")
       ser.write(struct.pack('>L', addr)[1:])
        ser.read(1)
        buff += ser.read(4096)
        addr += 4096
   out = open("/tmp/image.bin", "wb")
   out.write(buff)
   out.close()
```

And get the content as follows:

|             |      |     |     |      |     | fluxit | is@tren | dmate: -// | SPI 67x1 | 4  |    |    |    |    |    |             |
|-------------|------|-----|-----|------|-----|--------|---------|------------|----------|----|----|----|----|----|----|-------------|
| [sudo] pass | word | fo  | r f | lux  | lus | :      |         |            |          |    |    |    |    |    |    |             |
| Reading dat | а    |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| -fluxius@t  | rend | mat |     | /SPI | E   |        |         |            |          |    |    |    |    |    |    |             |
| -\$ hexdump |      |     |     |      |     | in     |         |            |          |    |    |    |    |    |    |             |
| 00000000 6  |      |     |     |      |     |        | 08      | 02         | 0a       | ff | 00 | 15 | ØЬ | 28 | 0c | 10.+        |
|             |      |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| 00000010 1  | 2 47 | 32  | 3e  | 00   | 00  | 00     | 00      | 00         | 40       | 90 | 00 | 00 | 00 | 05 | 00 | .G2>        |
|             |      |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| 00000020 0  | 3 93 | 55  | 55  | 55   | 55  | 55     | 55      | 55         | 55       | 90 | 40 | 40 | 00 | 00 | 0f | 1           |
| UUUU.@@     |      |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| 00000030 0  | 0 00 | 00  | f5  | 20   | 82  | f5     | 02      | 80         | bØ       | 00 | 00 | 12 | 24 | 2d | 00 | 1           |
| \$          |      |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| 00000040 0  | 3 00 | 04  | 23  | 00   | 09  | 05     | 84      | 32         | 2b       | 14 | 00 | 00 | 11 | 00 | 00 | · · · # · · |
| 2+          |      |     |     |      |     |        |         |            |          |    |    |    |    |    |    |             |
| 00000050 0  | 0 05 | -0  | 00  | 0-   | fr  | 00     | 00      | 5-         | 70       | 00 | 10 | 0- | db | ~~ | ad | -           |

The transceiver does not handle sensitive information, it only has information on some registers<sup>6</sup> that allow it to configure and work with different modes. The following tables show the information:

| Name<br>(Address)   | Bits     | Variable Name      | Mode | Reset | LoRa Description                                                                                                                                                                                                                                                                           |  |  |  |
|---------------------|----------|--------------------|------|-------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|
| RegFifo<br>(0x00)   | 7-0      | Fifo               | rw   | 0x00  | LoRa base-band FIFO data input/output. FIFO is cleared an not accessible when device is in SLEEP mode                                                                                                                                                                                      |  |  |  |
| Common Regis        | ster Set | ttings             |      |       |                                                                                                                                                                                                                                                                                            |  |  |  |
|                     | 7        | LongRangeMode      | rw   | 0x0   | $0 \rightarrow$ FSK/OOK Mode<br>$1 \rightarrow$ LoRa Mode<br>This bit can be modified only in Sleep mode. A write operation on<br>other device modes is ignored.                                                                                                                           |  |  |  |
|                     | 6        | AccessSharedReg    | rw   | 0x0   | This bit operates when device is in Lora mode; if set it allows<br>access to FSK registers page located in address space<br>(0x0D:0x3F) while in LoRa mode<br>$0 \rightarrow$ Access LoRa registers page 0x0D: 0x3F<br>$1 \rightarrow$ Access FSK registers page (in mode LoRa) 0x0D: 0x3F |  |  |  |
| RegOpMode<br>(0x01) | 5-4      | reserved           | r    | 0x00  | reserved                                                                                                                                                                                                                                                                                   |  |  |  |
|                     | 3        | LowFrequencyModeOn | rw   | 0x01  | Access Low Frequency Mode registers<br>$0 \rightarrow$ High Frequency Mode (access to HF test registers)<br>$1 \rightarrow$ Low Frequency Mode (access to LF test registers)                                                                                                               |  |  |  |
|                     | 2-0      | Mode               | rwt  | 0x01  | Device modes<br>000 → SLEEP<br>001 → STDBY<br>010 → Frequency synthesis TX (FSTX)<br>011 → Transmit (TX)<br>100 → Frequency synthesis RX (FSRX)<br>101 → Receive continuous (RXCONTINUOUS)<br>110 → receive single (RXSINGLE)<br>111 → Channel activity detection (CAD)                    |  |  |  |
| (0x02)              | 7-0      | reserved           | r    | 0x00  | -                                                                                                                                                                                                                                                                                          |  |  |  |
| (0x03)              | 7-0      | reserved           | r    | 0x00  | -                                                                                                                                                                                                                                                                                          |  |  |  |
| (0x04)              | 7-0      | reserved           | rw   | 0x00  | -                                                                                                                                                                                                                                                                                          |  |  |  |

Accesses to radio data can be seen through the following page registers:

| Lora page registers                |                |                   |    |      |                                                                                                       |  |  |  |
|------------------------------------|----------------|-------------------|----|------|-------------------------------------------------------------------------------------------------------|--|--|--|
| RegFifoAddr<br>Ptr<br>(0x0D)       | 7-0            | FifoAddrPtr       | rw | 0x00 | SPI interface address pointer in FIFO data buffer.                                                    |  |  |  |
| RegFifoTxBa<br>seAddr<br>(0x0E)    | 7-0            | FifoTxBaseAddr    | rw | 0x80 | write base address in FIFO data buffer for TX modulator                                               |  |  |  |
| RegFifoRxBa<br>seAddr<br>(0x0F)    | 7-0            | FifoRxBaseAddr    | rw | 0x00 | read base address in FIFO data buffer for RX demodulator                                              |  |  |  |
| RegFifoRxCu<br>rrentAddr<br>(0x10) | 7-0            | FifoRxCurrentAddr | r  | n/a  | Start address (in data buffer) of last packet received                                                |  |  |  |
|                                    | 7              | RxTimeoutMask     | rw | 0x00 | Timeout interrupt mask: setting this bit masks the corresponding IRQ in RegIrqFlags                   |  |  |  |
|                                    | 6              | RxDoneMask        | rw | 0x00 | Packet reception complete interrupt mask: setting this bit masks the corresponding IRQ in RegIrqFlags |  |  |  |
|                                    | 5 PayloadCrcEr |                   | rw | 0x00 | Payload CRC error interrupt mask: setting this bit masks the corresponding IRQ in RegIrqFlags         |  |  |  |
| ReglrqFlags                        |                |                   |    | 0x00 | Valid header received in Rx mask: setting this bit masks the corresponding IRQ in RegIrqFlags         |  |  |  |

Although this is not sensitive information, it shows that a transceiver can be set up for various purposes.

#### Microcontroller

The microcontroller operates as it implements the LoRaWAN stack.<sup>7</sup> All the keys and calculations that will encrypt and send packets or decrypt received packets from the transceiver are performed on this component.

However, some interfaces can be exposed, as seen with the UART interface in the magnet door sensor. We can directly interact with it and dump secrets if the interface is enabled and no authentication mechanisms are applied to the access portal:



Figure 4. Interfacing with the UART of a magnetic door LoRaWAN sensor

In other contexts, we would have to find other vectors, such as JTAG, SPI, I<sup>2</sup>C, in-circuit serial programming (ICSP), or other access methods.

To find access to JTAG or an ICSP interface, we must check if the programming interface is enabled and if the memory is protected somehow. This requires debugging probes that are associated with the device. There are generic debugging adapters that are associated with OpenOCD and can support various communication protocols. Some examples of these generic adapters are: HydraBUS,<sup>8</sup> BUS Pirate,<sup>9</sup> BusVoodoo,<sup>10</sup> J-Link,<sup>11</sup> and others. From an attacker's point of view, glitching attacks can be engaged to get partial or full access to the sensitive data inside the internal flash memory if memory protections are used.

#### **External flash memory**

In case the microcontroller uses an external flash, it would be possible for an attacker to interface with this memory through the exposed accesses ports easily (SPI, I<sup>2</sup>C, etc.), depending on the surface mount technology (SMT) package.

In certain cases, the attacker can actually chip-off or remove the flash memory from the printed circuit board (PCB) and dump the firmware (dumping is the process of copying or extracting the firmware image):



Figure 5. Example of a TSOP package flash to be read using an adapted socket and a programmer

But when it comes to dumping flashes using BGA (Ball Grid Array), the process can be more time consuming for attackers. As seen in Figure 6, the balls of the chip must be aligned with the PCB interface for the attacker to be able to dump the firmware successfully:



Figure 6. A grid array of solder balls on a printed circuit<sup>12</sup>

# The use of a Secure Element

There are many different types of attacks that can be launched against microcontrollers, but the use of Secure Elements (SE) can derail attack attempts to some degree. In the case of LoRaWAN, the SE can "safely" store the master keys that can be derived to encrypt communication and protect message integrity.

The LoRaWAN-node stack also has examples of implementations containing a few integrated SEs.<sup>13</sup> But, to study these Secure Elements, we have taken the approach documented by the team mbed in a blog post written by researcher Jan Jongboom.<sup>14</sup> Figure 7 shows an example of the setup:



Figure 7. Setup using a LoRa transceiver, a MCU dev kit connected to a UDFN socket kit with a Secure Element Inside

Exactly like in the mbed blog post, we are using the following components:

- 1 x ATSAMD21J1
- 1 x AT88CKSCKTUDFN-XPRO
- 1x SX1276MB1MAS

The Secure Element is a pre-provisioned ATECC608A-MAHTN-T put inside the UDFN socket as follows:



Figure 8. The Secure Element attached

The Github repository of mbed also has a good example of code for using the ATECC608A-MAHTN-T<sup>15</sup> with the mbed-OS and libraries efficiently. Using the provided code, we can securely talk in I2C using the *CryptoLib* library with the UFDN socket:

```
int main(void)
{
    // Setup secure element
    atecc608_i2c_config.iface_type = ATCA_I2C_IFACE;
    atecc608_i2c_config.atcai2c.baud = 100000;
    atecc608 i2c config.atcai2c.bus = 2;
    atecc608 i2c config.atcai2c.slave address = 0xb2;
    atecc608 i2c config.devtype = ATECC608A;
    atecc608 i2c config.rx retries = 20;
    atecc608 i2c config.wake delay = 1500;
    //select device(ATECC608A);
    atcab init(&atecc608 i2c config);
    uint8 t serialnum[ATCA SERIAL NUM SIZE];
    ATCA STATUS serialnum status =
atcab_read_serial_number(serialnum);
    if (serialnum status != ATCA SUCCESS) {
        printf(" Failed to read ATECC608A serial number (%d) \r\n",
serialnum status);
        return 1;
    }
[...]
```

Unfortunately for the developers, the *Secure Boot* is supported by the ATECC608A-MAHTN-T, but not implemented in the example. So, if a device is using this implementation with a Secure Element, it would be easy for an attacker to use the same Secure Element (with everything stored inside it) in another MCU.

Note that this Secure Element is provided with a *Secure Boot* feature to authenticate the MCU, as shown in one of the Microchip presentations:



Figure 9. How to use the Secure Element with the MCU

There are very few documented instances of Secure Elements being used in products. Unfortunately, this means that it is not easy for a developer to be aware of all the beneficial security features that come with using these SEs.

### Recommendations

This is the last in our series of articles on LoRaWAN security, and we have compiled some recommendations for enterprises and organizations that use this technology. Following the suggestions below could help prevent attacks against the essential IoT solutions that rely on LoRaWAN:

| Attacks       | Recommendations                                                                                                                                                                               |
|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Eavesdropping | <ul> <li>Use strong and randomly generated<br/>NwkKeys and AppKeys</li> <li>Use the ABP method only in experimental<br/>environments, but not in production</li> </ul>                        |
| Bit-Flipping  | <ul> <li>Communication between the gateway<br/>and the network server should be<br/>encrypted; an option would be using<br/>MQTT with SSL when using<br/>TheThingNetwork solutions</li> </ul> |
|               | <ul> <li>Communication between the network<br/>server and the applications server should</li> </ul>                                                                                           |

|                           | also be encrypted and strong keys must be in use                                                                                                                                                      |
|---------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ACK spoofing              | <ul> <li>Add a cryptographic checksum to confirm<br/>that the ACK value belongs to the right<br/>packet<sup>16</sup></li> </ul>                                                                       |
| DoS with counter overflow | <ul> <li>Use version 1.1.x of LoRaWAN that would<br/>make this attack less viable with a 32-bit<br/>long counter instead of a 16-bit counter<br/>(used in v1.0)</li> </ul>                            |
| LoRa class B attacks      | <ul> <li>Change the LoRA PHY cyclic redundancy<br/>check (CRC) with a message integrity<br/>check (MIC) — this is a complex task<br/>usually done by a developer</li> </ul>                           |
| Root key management       | <ul> <li>Do not expose public management<br/>interfaces, and use a client certificate</li> <li>Audit the management interfaces</li> </ul>                                                             |
| Hardware attacks          | <ul> <li>Choose an MCU resistant to known physical attacks</li> <li>Configure memory protections (fuse bits) to prevent an attacker from dumping the memory through programming interfaces</li> </ul> |
| Secure Element reuse      | Configure the Secure Boot of the Secure<br>Element to authenticate the MCU that<br>uses it                                                                                                            |

These recommendations apply to devices using LoRaWAN. However, it should also be mentioned that devices using only the LoRA modulation and a custom stack are highly vulnerable to radio attacks if no confidentiality and integrity mechanisms are used.

# Conclusion

Hardware attacks could be complementary to the radio frequency attacks discussed in the previous entries of this series. Indeed, by dumping keys, an attacker could replay them in the wild and find keys that are also used in other devices. The attacker could also eavesdrop on communications by letting the dumped device communicate with a network and then capturing the sensitive information exchanged between the end-device and the network.

Given the range of these attacks, users should not only be careful about the version of the LoRaWAN protocol and the strength of the keys being used, but also the security mechanisms of the MCU. Using devices proven to be resistant to known and accessible glitching attacks will help prevent attackers from reading the memory. And, if users want to use Secure Elements, they should also use security mechanisms — the Secure Boot used to authenticate the MCU to the SE is an important feature.

This three-part series was created to help users operate LoRaWAN devices securely and safely, so that their processes and communications can continue without complications while ensuring that their data is safely stored. Hopefully, the actionable recommendations in this part, as well as the first and second articles of the series, can serve as an effective guide on security solutions for their LoRaWAN technology.

### References

<sup>1</sup>Sébastien Dudek. (Jan. 26, 2021). *Trend Micro*. "Low Powered and High Risk: Possible Attacks on LoRaWAN Devices." Accessed on March 29, 2021, at <u>https://www.trendmicro.com/en\_us/research/21/a/Low-Powered-but-High-Risk-Evaluating-Possible-Attacks-on-LoRaWAN-Devices.html</u>.

<sup>2</sup>Sébastien Dudek. (Feb. 19, 2021). *Trend Micro*. "Gauging LoRaWAN Communication Security with LoraPWN." Accessed on March 29, 2021, at <u>https://www.trendmicro.com/en\_us/research/21/b/gauging-lorawan-communication-security-with-lorapwn.html</u>.

<sup>3</sup>SemTech. (n.d.). *Semtech*. "LoRa® Transceivers." Accessed on March 29, 2021, at <u>https://www.semtech.com/products/wireless-rf/lora-transceivers</u>.

<sup>4</sup>Piyu Dhaker. (Sep. 2018). *Analog Dialogue*. "Introduction to SPI Interface." Accessed on March 29, 2021, at <u>https://www.analog.com/en/analog-dialogue/articles/introduction-to-spi-interface.html#</u>.

<sup>5</sup>HydraBus. (n.d.). *HydraBus*. "HydraBus v1.0 Rev1.4 Batch March 2021 Production Assembly Video." Accessed on March 29, 2021, at <u>https://hydrabus.com/</u>.

<sup>6</sup>SemTech. (May 2020). *Semtech*. "SemTech SX1276-7-8-9 Datasheet." Accessed on March 29, 2021, at <u>https://semtech.my.salesforce.com/sfc/p/#E0000000JelG/a/2R0000001Rbr/6EfVZUorrpoKFfvaF\_Fkpgp5</u> <u>kzjiNyiAbqcpqh9qSjE</u>.

<sup>7</sup>Miguel Luis et al. (March 17, 2021). *GitHub*. "LoRaWAN end-device stack implementation and example projects." Accessed on March 29, 2021, at <u>https://github.com/Lora-net/LoRaMac-node</u>.

<sup>8</sup>HydraBus. (n.d.). *HydraBus*. "HydraBus v1.0 Rev1.4 Batch March 2021 Production Assembly Video." Accessed on March 29, 2021, at <u>https://hydrabus.com/</u>.

<sup>9</sup>Dangerous Prototypes. (n.d.) *Dangerous Prototypes*. "Bus Pirate." Accessed on March 29, 2021, at <u>http://dangerousprototypes.com/docs/Bus\_Pirate</u>.

<sup>10</sup>BusVoodoo. (n.d.). *BusVoodoo*. "BusVoodoo." Accessed on March 29, 2021, at <u>https://bus.cuvoodoo.info/</u>.

<sup>11</sup>Segger. (n.d.). *Segger.* "J-Link Debug Probes: The Number One Choice." Accessed on March 29, 2021, at <u>https://www.segger.com/products/debug-probes/j-link/</u>.

<sup>12</sup>Electronics Notes. (n.d.). *Electronics Notes*. "Ball Grid Array, BGA." Accessed on March 29, 2021, at <u>https://www.electronics-notes.com/articles/electronic\_components/surface-mount-technology-smd-smt/ball-grid-array-bga.php</u>.

<sup>13</sup>Miguel Luis. (May 26, 2020). *GitHub*. "LoRaMac Secure Element Integration." Accessed on March 29, 2021, at <u>https://github.com/Lora-net/LoRaMac-node/wiki/secure-element</u>.

<sup>14</sup>Jan Jongboom. (Jan. 31, 2019). *Arm Mbed.* "Introducing hardware crypto for LoRaWAN." Accessed on March 29, 2021, at <u>https://os.mbed.com/blog/entry/introducing-lorawan-hw-crypto/</u>.

<sup>15</sup>Jan Jongboom. (Jan. 30, 2019). *GitHub*. "LoRaWAN example application for Mbed OS using the ATECC608A-MAHTN-T secure element." Accessed on March 29, 2021, at <u>https://github.com/armmbed/mbed-os-example-lorawan-atecc608a</u>.

<sup>16</sup>Xueying Yang et al. (2018). *2018 IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation*. "Security Vulnerabilities in LoRaWAN." Accessed on March 29, 2021, at <a href="https://www.cyber-threat-intelligence.com/publications/IoTDI2018-LoraWAN.pdf">https://www.cyber-threat-intelligence.com/publications/IoTDI2018-LoraWAN.</a>

#### TREND MICRO<sup>™</sup> RESEARCH

Trend Micro, a global leader in cybersecurity, helps to make the world safe for exchanging digital information.

Trend Micro Research is powered by experts who are passionate about discovering new threats, sharing key insights, and supporting efforts to stop cybercriminals. Our global team helps identify millions of threats daily, leads the industry in vulnerability disclosures, and publishes innovative research on new threats techniques. We continually work to anticipate new threats and deliver thought-provoking research.

www.trendmicro.com



©2021 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.