Sigfox doesn't do IP and is therefore secure, says UK IoT network operator
Bold claim by WND-UK grand fromage
Posted in Internet of Things, 25th September 2017 16:28 GMT
UK-based Sigfox network operator WND-UK has opened up a little on why it thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards.
Managing director Neil Forse – who rather grandly announced earlier this year that WND would put more Sigfox connectivity around the UK than there is 4G coverage – said that Sigfox-enabled devices "are not directly connected to the internet".
While they sort-of are connected to the internet, Forse elaborated: they use Sigfox's proprietary protocol rather than the usual internet protocol (IP) that most other cheap 'n' cheerful devices use.
Forse said in a WND statement: "Sigfox-enabled devices have a built-in behaviour; when this requires data to be transmitted or received, a device will communicate via a radio message. Each message is picked up by several access stations and is delivered to the Sigfox cloud network over a secure VPN, which then relays it to a predefined destination, typically an IoT application. Because Sigfox devices don't have IP addresses, they are not addressable for rogue hackers to gain access."
This is partly sensible, and part "come on, hackers, give it a go", albeit unintentionally. If a device has an external connection, odds are that some ne'er-do-well will get into it and cause mischief. What matters is how few methods of access there are for said ne'er-do-wells.
"Such a security design ensures that Sigfox-ready devices are prevented from sending data to arbitrary devices via the internet," Forse added, "and are shielded from interception by strict firewall measures."
This compares reasonably well to Sigfox's own "Universal Declaration of IoT Rights" from the beginning of this year. It's a bit more believable, for starters, and doesn't contain whimsical nonsense. Yet it's still making a selling point of Sigfox IoT devices being somehow resistant to hacking.
On the flip side, given that – so far – no Sigfox network appears to have suffered a widely publicised hack, perhaps they have a point. We wrote at the beginning of this year that Sigfox was leading with its chin on security, but so far their pride appears to have been borne out by reality.
WND-UK is a spinoff of networks firm WND, which mainly operates around South America. The UK IoT networks market is pretty quiet, with the bigger deployments of IoT tech mainly consisting of sponsored trials in certain towns and cities such as Milton Keynes. Sigfox's main unlicensed-spectrum rival, LoRa, has been quietly gaining ground while mobile network operators' preferred IoT tech, NB-IoT, has stalled after an initial flurry of marketing hype. ®