Communication is key when it comes to any operation, but as of late, electronic communication has become reliant on internet connectivity or expensive hardware. With apps and software like Signal, online encrypted communication has become easy to use, but at the end of the day, these tools rely on some form of internet connection. What about encrypted and secure communication completely off-grid, with the potential to reach hundreds if not thousands of miles?
Encrypted communications have been on my radar for years, and I finally sat down and started working on a project. I chose to use a technology called LoRa (Long Range), a form of radio that can operate on a public frequency spectrum similar to cell phones. Instead of reinventing the wheel, I also chose to use the Meshtastic framework, which already does all the heavy lifting when it comes to the infrastructure (and even has multiple apps and software for SMS comms).
Why LoRa and Meshtastic?
Unlike normal radio communication, which can rely on expensive repeaters and is easily traceable using a technique called "Fox Hunting", LoRa can operate on an inexpensive network of "nodes". A node in mesh networking is simply a single device connected to the network alongside other nodes that can send and receive data.
Meshtastic does just about all the heavy lifting for the transmitting as well as the receiving side of communication. Meshtastic also provides super inexpensive options for each node. A node will cost maybe $30 USD each, but can be as little as $5 USD if we get our hands dirty. Meshtastic also allows for AES-256 encryption, along with network scanning that gives the project the ability to see which node may have been compromised, jammed, or is simply offline.
Meshtastic in general is an awesome use of technology and works great off the shelf, but it does have some security issues that need to be stated and addressed if we truly want a secure way to communicate over a span of more than a mile or so.
Initial Pen Testing Results for Meshtastic
Meshtastic has a HUGE vulnerability that I see many people overlook. The creators even mention this on their website at https://meshtastic.org/docs/overview/encryption. Each node contains the encryption key onboard, so while the signal may be transmitted and received in an encrypted manner, every node has a copy of the key. A middle man could simply find a repeater node and would technically have access to all the encrypted messaging.
I spent some time thinking about this and came to the conclusion that this vulnerability can be patched by changing where the encryption is done. Meshtastic claims that the devices are P2P, which is 100% correct, but many users have misread this as meaning their app is P2P, which is not the case. Once an encrypted message is received by a node, the node decrypts the message and delivers it in plain text to any connected app.
The solution is to keep the encryption keys with the users themselves and not on the nodes. This flow would make a compromised node useless to a middleman. A person is always the weakest link in security, but each user holding the key is more secure than each node holding it.
Another security vulnerability is the GPS system within Meshtastic. This may be the largest vulnerability within the network. Each node (if capable) reports its GPS location to all other nodes. Beyond someone being able to read your messages, them finding your exact location and past locations is even worse!
For the time being, the only solution in mind is to disable the GPS feature on each node, but it could also be addressed with some firmware changes (which I plan on covering soon).
Compromised nodes can be altered to scramble communication by byte shifting or some other alteration of the relayed message. This could render communication to some or all of the network useless and unreadable. While this is only theory currently, I plan on testing to see how feasible this is, but it is at the very bottom of my concerns with LoRa and Meshtastic.
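To make the two points above concrete (a relay node that holds the channel key can read everything and quietly alter it, and moving the key to the user's app fixes both), here is an added simulation. It is not Meshtastic's code and not the app I am building: it uses AES-256-GCM for both the channel layer and the user layer purely as a stand-in (the firmware's actual cipher mode may differ), the keys are generated on the spot, and the message text is constructed for the demo. GCM is chosen deliberately, because its authentication tag is what turns a byte-shifting relay from a silent corruption into a detected failure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealGCM encrypts plaintext with AES-256-GCM and prepends the random 12-byte nonce.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; it fails if the key is wrong or any byte was altered.
func openGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("frame too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// newKey returns a random 32-byte key (constructed for this example only).
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// relay models a mesh node holding the shared channel key. An honest node forwards the
// frame untouched. A compromised node decrypts with the channel key, records what it
// saw, flips one payload byte, and re-encrypts so the channel layer cannot tell.
func relay(channelKey, frame []byte, compromised bool) (saw, forwarded []byte, err error) {
	if !compromised {
		return nil, frame, nil
	}
	inner, err := openGCM(channelKey, frame)
	if err != nil {
		return nil, nil, err
	}
	saw = append([]byte(nil), inner...)
	if len(inner) > 0 {
		inner[0] ^= 0xff // byte-level tampering of the relayed payload
	}
	forwarded, err = sealGCM(channelKey, inner)
	return saw, forwarded, err
}

// sendChannelOnly is today's flow: the app hands plaintext to its node, the node
// encrypts with the channel key, and the receiving node hands plaintext back to its app.
func sendChannelOnly(channelKey []byte, msg string, compromisedRelay bool) (relaySaw []byte, delivered string, err error) {
	frame, err := sealGCM(channelKey, []byte(msg))
	if err != nil {
		return nil, "", err
	}
	relaySaw, frame, err = relay(channelKey, frame, compromisedRelay)
	if err != nil {
		return relaySaw, "", err
	}
	pt, err := openGCM(channelKey, frame) // receiving node: nothing left to catch tampering
	return relaySaw, string(pt), err
}

// sendEndToEnd is the proposed flow: the app encrypts with a key only the two users hold,
// and the node adds the channel layer on top. The relay sees only ciphertext, and any
// byte it alters is rejected by the inner authentication tag on the receiving app.
func sendEndToEnd(userKey, channelKey []byte, msg string, compromisedRelay bool) (relaySaw []byte, delivered string, err error) {
	inner, err := sealGCM(userKey, []byte(msg))
	if err != nil {
		return nil, "", err
	}
	frame, err := sealGCM(channelKey, inner)
	if err != nil {
		return nil, "", err
	}
	relaySaw, frame, err = relay(channelKey, frame, compromisedRelay)
	if err != nil {
		return relaySaw, "", err
	}
	innerOut, err := openGCM(channelKey, frame) // receiving node strips the channel layer
	if err != nil {
		return relaySaw, "", err
	}
	pt, err := openGCM(userKey, innerOut) // receiving app: fails if anything was altered
	if err != nil {
		return relaySaw, "", fmt.Errorf("tampering detected: %w", err)
	}
	return relaySaw, string(pt), nil
}

func main() {
	ck, uk := newKey(), newKey()
	msg := "rally at the north trailhead" // constructed sample message
	for _, bad := range []bool{false, true} {
		saw, got, err := sendChannelOnly(ck, msg, bad)
		fmt.Printf("channel-only, compromised=%v: relay saw %q, delivered %q, err=%v\n", bad, saw, got, err)
		saw, got, err = sendEndToEnd(uk, ck, msg, bad)
		fmt.Printf("end-to-end,   compromised=%v: relay saw %d ciphertext bytes, delivered %q, err=%v\n", bad, len(saw), got, err)
	}
}
```

Run it and compare the two compromised-relay lines: in the channel-only flow the relay prints the message in the clear and the receiver accepts a silently corrupted copy, while in the end-to-end flow the relay holds only ciphertext and the receiver's app refuses the altered frame. The caveat is that this only protects the message body; the GPS position reports discussed above are sent by the node itself, so they need the firmware fix, not the app fix.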
Next Steps in Securing my LoRa/Meshtastic Network
Redevelop a Mobile Application
The first step in building a more secure LoRa/Meshtastic network is going to be developing a new mobile application that can connect to Meshtastic nodes and does just about everything the Meshtastic app does currently, but with device-level encryption added in the app itself. Thankfully, I am a developer and can do this myself.
Recompile Meshtastic Firmware
I am confident that with a couple of firmware changes we can close a lot of the vulnerabilities inherent in the T-Beam devices: the first being the GPS, if the device supports it, and the second being to lock out the LCD screen. Ultimately, it would be ideal just to purchase a different model (one that does not have an LCD or GPS). Since I have the T-Beam models on hand, I will have to address my concerns internally.
This project is a work in progress. I will be creating some videos at https://www.youtube.com/channel/UCwRpVplSjZD9RUd3_sWA9Nw as well as posting blog updates here on the site. If you do not see any updates when you read this, feel free to reach out to me!