In the recent few months, organizations are starting to be aware of the importance of embracing security within their products. Companies which manufacture connected devices are responsible for protecting their customers against potential cyber-damages. Additionally, embedding security by design already is a value-added differentiator.
It is important to understand that LoRaWAN product security is quite different from traditional IT security:
- LoRaWAN devices are generally constrained in resources due to low cost and low power consumption needs
- LoRaWAN devices are not generally exposed to human supervision, so physical attacks is an important surface to cover
- Scalability of the problem is higher, where deployments can involve thousands of devices
- Fragmentation and market immaturity makes devices very heterogeneous
The best strategy when it comes to security is to join forces with an external partner. Device manufacturing companies have to dedicate their resources and focus on providing the best quality products, so externalizing security to an expert who can provide a qualified outsider view on the product and development processes is the right approach.
With the LoRaWAN security audit, our team of core engineers at The Things Industries provides a turnkey solution for LoRaWAN product security audits. This includes:
- Expert session on creating a secure workflow
- Threat modeling
- Hardware review
- Code audits
- Review of security updates and vulnerability management processes
- Security analysis of communication protocols
- Issue resolution follow up and recurrent reviews