With the rapid development of the Internet of Things technology, many new smart scenarios have emerged in recent years, such as smart cities and smart agriculture. The popularity of these new scenarios is inseparable from the rapid development of LPWAN (low-power wide-area network). In LPWAN, the two most mainstream technologies are LoRaWAN and NB-IoT, with hundreds of millions of IoT devices connected by the two technologies. Due to the complexity of the LPWAN supply chain, security in this area cannot be ignored.
In recent years, LPWAN security research has focused on LoRaWAN, mainly focusing on LoRaWAN specification and keys. NB-IoT is relatively complicated and closed. Therefore, there are few security researches on NB-IoT in the industry. In this talk, we will share the security research findings in the LPWAN. We take modules and chips in the real world as practical objects to conduct a more in-depth study on the security of the LPWAN supply chain. First, we will introduce the supply chain implementation of different technologies in LPWAN and share the findings of our practice of existing security research on actual equipment. In addition, we will analyze the architecture of LoRaWAN and NB-IoT modules from the perspective of supply chain, and summarize the attack surfaces of the two technologies in the real world. Finally, we will share how to discovering and testing the vulnerabilities on the LPWAN module, as well as the multiple security risks (LoRaDawn) we found in the LoRaWAN supply chain. We hope that our findings can help manufacturers improve the security of the LPWAN supply chain.