5177 Brandi n Court, Frem ont, CA94538 | Tel : +1 51 0 -4 9 2 -4044 | Fax : +1 510 -4 9 2 -4001 | www.l o ra -al l i anc e.org
Security FAQ
elements. HTTPS and VPN technologies are recommended for securing communication between these critical
network elements, in much the same way as is done in any other telecom systems.
If LoRaWAN uses an unlicensed band, is it secure?
LoRaWAN networks typically operate in unlicensed Industrial, Scientific and Medical (ISM) bands. Competing
licensed-spectrum system providers often try to imply that ISM bands are unregulated and noisy, however the
ISM bands are heavily regulated in their respective jurisdictions to ensure fair co-existence of devices using
them. The resilient LoRa Spread Spectrum modulation scheme can demodulate a signal down to 17 dB below
the noise floor, ensuring optimal performance in the presence of interference, which can happen in any band,
licensed or unlicensed.
What should I do if I find a vulnerability in the LoRaWAN specifications?
The importance of security in the LoRaWAN specifications is taken very seriously by the LoRa Alliance, and
every effort is made to ensure the security foundation is solid. However, if any part of the LoRaWAN
specifications is considered to have a vulnerability, the LoRa Alliance should be notified at security@lora-
alliance.org.
If the vulnerability is an implementation security issue, this would need to be taken up by the relevant
manufacturers. If the vulnerability is a deployment issues, this would need to be taken up with the relevant
network operator(s).
Where are the LoRaWAN security mechanisms specified?
All security mechanisms are defined in the LoRa Alliance specifications, which can be downloaded by the
public from https://lora-alliance.org/resource-hub.
