Sigfox Hack: Data can be intercepted
Sigfox, along with LoRa and Narrowband IoT (NB-IoT) one of the competitors for the dominance of global wireless networks for the Internet of Things, was hacked.
The French telecommunications company Sigfox, founded in 2009, operates its own radio network infrastructure that provides data communication for the Internet of Things independently of existing networks or mobile connectivity. In addition to France, Spain and the United States of America, Sigfox has also been operating in Germany since 2016 as an independent network operator with numerous private and commercial users.
Sigfox’s technology is focused on and optimized for devices that only sporadically pass on small amounts of data – such as smoke detectors, sensors, smartwatches and household appliances. But the process is also already being used in agriculture, the medical sector and building and utility monitoring, including smart metering (electricity and water meters).
Hack on the 35C3
During the “35C3” – the 35th Chaos Communication Congress (CCC) – in Leipzig, a student demonstrated and documented how data streams can be intercepted relatively easily from Sigfox devices – and how captured data sets can be analyzed and decrypted.
As mentioned in the introduction, Sigfox is a wireless network – the data is transmitted on the license-free “everyone’s frequency” of 868 MHz. To intercept such data is basically very simple – the necessary (easy to obtain) reception technology, a car park near the target device… or a hidden, permanently installed monitoring device on site is already sufficient. The intercepted data is then processed for analysis and processing on an SDR system (PC with corresponding software for processing Software Defined Radio [SDR]).
Patterns can be extracted from this intercepted data which contain, among other things, header, sequence number, device number, encrypted payload, checksum and a special “Message Authentication Code” (MAC). According to the White Hat hacker, he could easily read out the key for decrypting this data from the device he was attacking: A firmware update contained it in plain text!
With this proof of the inadequacy of the security of the procedure, the hacker turned to Sigfox, who withdrew to the standpoint that the blame lay with the device manufacturers, who do not want to burden themselves with the additional costs of encrypting the device keys.
Anyone currently planning to become active on the Internet of Things should resort to devices with the more secure, more mature LoRa technology, which not only provides a far higher level of security with multi-layer security mechanisms, higher encryption density and dynamically generated keys or key components.
For further information, please refer to the following URLs: