Sigfox doesn't do IP and is therefore secure, says UK IoT network operator

UK-based Sigfox network operator WND-UK has opened up a little on why it thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards. Managing director Neil Forse – who rather grandly announced earlier this year that WND would put more Sigfox connectivity around the …

  1. Anonymous Coward

    A benefit of being small...

    ...is that you're not worth targeting. If you grow market share though, as Firefox, for example, demonstrated, that all changes. Anyone recall the days when Firefox was hailed as being more secure than IE? Or when Macs just weren't vulnerable to malware?

  2. Anonymous Coward

    I went and looked at the frequencies used and they are very accessible using something like the mini LimeSDR, which isn't at all expensive. I can just picture a hacker's response to this PR: "Hold my beer."

  3. Pascal Monett Silver badge

    "Sigfox's proprietary protocol"

    Cue the argument of "security through obscurity" . . .

    That said, it seems to me that SigFox's security is mainly based on firewalls and VPNs. It's all very nice to say that you don't use IP, if you use VPNs, you're still riding the same bus for part of the trip.

    There are two things in this article that bug me. One is this invitation to hackers on the subject of IoT (lack of) security. Asking for trouble, in my opinion. The other, more serious, is what is going to be the impact of this so-called non-IP proprietary protocol on the regular IP traffic that is happening alongside ? Is there going to be interference, or worse, outright clashing ? I hope that these things have been considered with great attention.

    And if they have, then the argument about not using IP is even weaker.

    On the other hand, anything that improves IoT security is welcome in my book : it'll shave off that many more botnets that trouble the world.

    Doesn't mean I'll buy any of that shite though.

    1. Ian Michael Gumby
      Boffin

      @ Pascal Monet Re: "Sigfox's proprietary protocol"

      You don't know that the argument of 'security thru obscurity' is the case.

      While this may be true, it may also not be true too. There are other protocols which may be in use that also encrypt the data and rely on some form of hardware identification.

      Since they claim it's proprietary we don't know for sure.

      Having said that... more than likely they cobbled something together that's utter garbage. But there's still the chance they got someone who's from the MOD/DOD/Darpa world and knows a thing or two, now isn't there?

      1. tim292stro

        Re: @ Pascal Monet "Sigfox's proprietary protocol"

        "...You don't know that the argument of 'security thru obscurity' is the case. While this may be true, it may also not be true too... ...Since they claim it's proprietary we don't know for sure..."

        By the very fact we can't know, that is obscurity, so in this case proprietary = obscurity. It would be better if they said "we use a peer-reviewed encryption protocol based on well-vetted libraries".

        "...Having said that... more than likely they cobbled something together that's utter garbage..."

        I think you'll find that like the LoRa stuff we've seen at Blackhat and Defcon, there's already enough interest out there in hacker space, that someone has read this PR blurb and said "Challenge Accepted!" which will be followed shortly by a new talk and the stunning realization that the encryption was baked into hardware and can't be changed easily.

  4. katrinab Silver badge
    Gimp

    Some impressive words there

    - proprietary protocol

    - cloud network

    - secure VPN

    - strict firewall

    What could possibly go wrong?

  5. Lysenko

    Sophistry...

    "thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards"

    What he means is because you can't (legitimately) operate your own base stations you're safe (?) in the SigFox walled garden until someone works out how to spoof a base station or hacks you directly over RF (exactly the same model as cellphone networks with a 2G dumbphone).

    With LoRa(WAN) you run your own base stations and (typically) use the internet as a backbone. How secure the station is from inbound IP hackery is up to you, just like any other internet facing appliance/server. Base stations are typically Raspberry Pi class Linux SBCs under the hood so they are perfectly capable of running TLS, VPNs, Firewalls etc. If you don't, that's on you.

    In both cases over the air firmware bug fixing for remote nodes is problematic, but LoRaWAN does at least support it (by dynamically switching a device to class B operation at the cost of power consumption) whereas SigFox has a hard limit of <1.6kb of downstream bandwidth per day which means it would take weeks to get an update through even with no packet loss.

  6. Mark 85

    Security by obscurity is never a good idea and that's what this sounds like.

    1. JimC

      > Security by obscurity is never a good idea

      But it beats the hell out of security by sitting in the middle of the road, crossing your fingers and hoping no-one runs you over.

      1. DropBear
        FAIL

        Re: > Security by obscurity is never a good idea

        Yes, by assuming you do the exact same sitting routine on a dirt road in the middle of nowhere.

  7. Christian Berger

    Well there are different threat models in the IoT world

    For example you have sensor networks which collect, essentially public information like temperatures or water levels of a river, or if a lamp is broken. It doesn't matter if someone listens into them, it does matter if someone can spoof those messages.

    Now with such "fire and forget" networks, and there are many of them, you essentially have unidirectional data traffic. There is no need for an underlying bi-directional connection as there is no need to have acknowledgements. Having no input is a good way to keep malevolent input from compromising your device.

    The security problem obviously lies in the actual network infrastructure. The sane solution would be for the base stations to e-mail the messages to the owner of the IoT device. If done well, they'd be encrypted and/or signed via PGP/GPG and arrive at a server which checks the signature and processes them further...

    ...judging by the current experience level of many IoT people, they probably use some bloated cloud system with huge attack surfaces consisting of hundreds of web services, each done more incompetently than the previous one.

  8. Mage Silver badge
    Paris Hilton

    Fantasy Gobbledegook.

    "Sigfox-enabled devices have a built-in behaviour; when this requires data to be transmitted or received, a device will communicate via a radio message. Each message is picked up by several access stations and is delivered to the Sigfox cloud network over a secure VPN, which then relays it to a predefined destination, typically an IoT application. Because Sigfox devices don't have IP addresses, they are not addressable for rogue hackers to gain access."

    This is nonsense on many levels.

    1) The Cloud uses IP and I doubt is secure.

    2) None of my 433MHz RF devices, 864MHz devices, IR Remotes use IP and are not secure.

    3) Native GSM isn't secure and doesn't use IP. They are using out of date broken encryption.

    4) 3G could be secure, but they don't bother, they are using out of date broken encryption. Internet traffic (IP) is a layer on top.

    The voice, 3G video and SMS isn't currently secure. Many embedded devices use non-IP 245Kbps 3G modes or even 14.4K GSM modem modes.

    Not using IP doesn't make anything secure. VPNs only protect the link, not endpoints or apps.

    Oyster cards and other NFC "wireless devices" don't use IP and are not secure. Contactless payment cards and RFID price tags are not secure (tech designed to replace barcodes in warehouses, so security wasn't in the design, added later).

    Barcodes and QR codes are not secure and don't use IP. Such fun to be had printing your own QR stickers for the shops ...

    1. Christian Berger

      It depends

      It depends on what you mean by "secure". Yes I can sniff and spoof your IR remote, but I'll never get it to DDOS something without touching it.

      Security depends on threat models. Railway systems, for example, don't need confidentiality. Some signals may even be spoofed without affecting safety. (For example a Stop signal)

      Security is not a box-ticking exercise. It's about finding the threats and finding ways to counter them.

      1. Mage Silver badge

        Re: IR remote, but I'll never get it to DDOS something without touching

        Using a laser or high power LED array you only need LOS.

        Many devices have service modes (esp later model CRTs). You can prevent the gear working or change player region. Set evil LNB parameters etc on satellite receiver.

        It's DOS, not DDOS. Sometimes there is default PIN that's not been changed.

        Anyway the point is that Sigfox has given no reassuring tech info, it's a buzz word laden PR.

        1. Christian Berger

          Well, but that's the other side

          The satellite receiver is the receiver here. Obviously, as mentioned, you can spoof the remote and control the device, but not the remote. Again, this is a question of the threat model.

          BTW since satellite television uses the same model of "send and forget", even if you have total control over the receiver, you still couldn't use that to attack the satellite or uplink station. (And yes, you can just use your own equipment to send up some noise on the uplink frequency of the satellite)

  9. Ken Moorhouse Silver badge

    Wireshark can slurp SigFox

    So it not being IP is neither here nor there.

  10. vincent himpe

    Well, with a maximum packet payload size of 12 bytes, the limitation of number of packets per day you can broadcast and the fact that you can program a node to be 'transmit only', it's gonna be bloody hard to hack into the sensor ...

    The node will not receive them at all as the RX-radio is turned off. Even if a sloppy programmer leaves the RX on: if a packet comes in .. it will go in the hardware buffer and simply be overwritten on next packet.

    If you don't attach a receive handler then no code will ever read it. ( it's a hardware circular buffer, it simply rolls over when full )

    These networks are designed to send data from far flung locations. One way , fire and forget. Think of it as UDP over airwaves. 'best effort'

  11. tim292stro

    Well Sigfox: Let's think about this a bit critically (like the marketing and legal department should have).

    1) If the argument is that the RF portion of the wireless spectrum is un-hackable, they will be found wanting. You can't attribute the source of a wireless signal, UNLESS you require multiple receivers to do spatial signal rejection (think the equivalent of phased array microphones to localize a "speaker"), then you put some signature on the emitted signal that is cryptographically unspoofable. The first half of that is extremely hard to do in a commercial setting, the second not so much. However, the other thing going against Sigfox and LoRa is the extremely low bandwidth. There isn't a lot of space to pad a transmission with extra encryption, so they aren't likely to use something hard to break or copy. And without being able to reject interference, the RF link could just be DoS'd - there that's one of the hacker attacks.

    2) If the argument is that the Sigfox to IP bridge is un-hackable, then they just haven't thought it through enough to know better (I'm pretty certain they didn't build their own servers from scratch and write every line of code in their system - see Equifax for what comes of that naivete).

    3) Last, if the argument is that a Sigfox-enabled IoT device is un-hackable - that's too forward looking a statement to be meaningful. Give a hacker a day with an IoT power meter and they will in all likelihood own the micro-processor - or take a hammer to it, again permanent DoS. For something like a liquid level sensor or other physical process sensor - one doesn't even need to attack the link, they attack the sensor or its connection. It's all about the path of least resistance to accomplish the attack against the target.
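
Added example, not part of the original thread and not Sigfox's actual frame format: comments 7, 10 and 11 argue that for one-way sensor uplinks spoofing matters more than eavesdropping, and that a 12-byte payload leaves little room for cryptography. The Python below works that trade-off through with a truncated HMAC-SHA256 tag and a replay counter; the field sizes, the per-device key table and the 4-byte device ID are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import struct

PAYLOAD_LEN = 12                       # maximum payload size quoted in the thread
TAG_LEN = 4                            # assumption: truncated tag, 2**-32 forgery odds per try
DATA_LEN = PAYLOAD_LEN - 2 - TAG_LEN   # 6 bytes remain for the sensor reading


def _tag(key: bytes, device_id: bytes, counter: int, data: bytes) -> bytes:
    # The device ID is bound into the MAC so a frame cannot be replayed
    # under another device's identity.
    msg = device_id + struct.pack(">H", counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(key: bytes, device_id: bytes, counter: int, data: bytes) -> bytes:
    """Device side: data || 16-bit counter || truncated HMAC-SHA256."""
    if len(data) != DATA_LEN:
        raise ValueError(f"data must be exactly {DATA_LEN} bytes")
    if not 0 <= counter <= 0xFFFF:
        raise ValueError("counter exhausted: rekey the device instead of wrapping")
    return data + struct.pack(">H", counter) + _tag(key, device_id, counter, data)


class Receiver:
    """Backend side: one key and the last accepted counter per device."""

    def __init__(self, keys: dict[bytes, bytes]):
        self.keys = keys
        self.last_counter = {dev: -1 for dev in keys}

    def accept(self, device_id: bytes, frame: bytes) -> bytes | None:
        """Return the sensor data if the frame is authentic and fresh, else None."""
        key = self.keys.get(device_id)
        if key is None or len(frame) != PAYLOAD_LEN:
            return None
        data = frame[:DATA_LEN]
        (counter,) = struct.unpack(">H", frame[DATA_LEN:DATA_LEN + 2])
        tag = frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, device_id, counter, data)):
            return None                # spoofed or corrupted frame
        if counter <= self.last_counter[device_id]:
            return None                # replay of an already accepted frame
        self.last_counter[device_id] = counter
        return data
```

Half of the 12 bytes go to the counter and tag, which is the cost the low-bandwidth argument in the thread points at; the transmit-only device needs no receive path for any of this.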

  12. mikie
    FAIL

    hahahaha

    -we coded our own network stack

    This is going to go so well and will be so horrible.

    At least attacks on IP have been enumerated over the years.

    I look forward to the Sigfox posts on full-disclosure.
