Internal Pentest

Penetration Testing Report – Dragino LHT65S Sensor

Device Tested: Dragino LHT65S LoRaWAN Temperature & Humidity Sensor

Test Date: 20/10/2024

Tested By: MFC Safe


Executive Summary

This report outlines the penetration testing results for the Dragino LHT65S sensor, focusing on physical access, firmware integrity, wireless security, and overall device resilience. The sensor demonstrated a strong security profile for a low-power LoRaWAN device, with no high-risk vulnerabilities identified.

| Test Category | Result Summary | Risk Level |
| --- | --- | --- |
| Physical Access Ports | UART port exposed without protection | Low |
| Firmware Security | Flash memory protected, no read access | Low |
| Wireless Communication | AES-128 encryption validated | Low |
| Device Authentication | No exposed login interfaces | Low |
| OTA Updates | Manual update only, no remote override | Low |
| Known Vulnerabilities | None applicable to LHT65S | Low |
| Data Integrity & Replay | Retransmission and validation passed | Low |


Test Details & Findings

1. Physical Port Security

  • Finding: UART debug pins are exposed on the board.

  • Impact: Enables potential local manipulation if physical access is gained.

  • Recommendation: Restrict entry to the premises; epoxy or mask the headers in production deployments.

  • Risk: Low

2. Firmware Protection

  • Finding: Memory is encrypted and read-protected.

  • Result: Firmware dumping attempts failed.

  • Risk: Low

3. LoRaWAN Security

  • Finding: Communication uses LoRaWAN AES-128 encryption.

  • Result: Payloads could not be interpreted without NwkSKey/AppSKey.

  • Risk: Low

4. Authentication Exposure

  • Finding: Device does not expose a user-facing login or web portal.

  • Result: No brute-force or bypass attacks applicable.

  • Risk: Low

5. OTA Firmware

  • Finding: No over-the-air update mechanism is available.

  • Impact: Firmware must be physically flashed, reducing remote attack surface.

  • Risk: Low

6. Known Vulnerabilities

  • Finding: No CVEs were found that apply to the LHT65S model.

  • Risk: Low

7. Data Integrity and Replay Protection

  • Finding: Data transmission follows confirmed uplinks with retries.

  • Result: Transmission retry logic prevents data loss.

  • Risk: Low
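
The points in sections 3 and 7, as an added example that is not part of the original report or of Dragino's code: a parser for the LoRaWAN data-uplink layout (assuming LoRaWAN 1.0.x framing) that separates the header fields readable without NwkSKey/AppSKey from the encrypted payload, plus a frame-counter check that tells new uplinks from repeats. The frame, DevAddr, payload bytes and MIC are constructed, `parse_uplink`, `FCntTracker` and `sample_frame` are hypothetical names, and the MIC is not verified because that needs NwkSKey and AES-CMAC.

```python
import struct

# MType values from the LoRaWAN 1.0.x MHDR (bits 7..5).
MTYPES = ["JoinRequest", "JoinAccept", "UnconfirmedDataUp", "UnconfirmedDataDown",
          "ConfirmedDataUp", "ConfirmedDataDown", "RFU", "Proprietary"]

def parse_uplink(phy: bytes) -> dict:
    """Split a data uplink into cleartext header fields and opaque (encrypted) bytes."""
    if len(phy) < 12:  # MHDR(1) + DevAddr(4) + FCtrl(1) + FCnt(2) + MIC(4)
        raise ValueError("frame too short for a data message")
    mtype = MTYPES[phy[0] >> 5]
    if mtype not in ("UnconfirmedDataUp", "ConfirmedDataUp"):
        raise ValueError(f"not a data uplink: {mtype}")
    dev_addr, fctrl, fcnt = struct.unpack_from("<IBH", phy, 1)  # little-endian on air
    fopts_len = fctrl & 0x0F
    if 8 + fopts_len > len(phy) - 4:
        raise ValueError("FOptsLen exceeds frame length")
    body = phy[8 + fopts_len:-4]  # FPort + FRMPayload (both optional)
    return {
        "mtype": mtype,
        "dev_addr": f"{dev_addr:08X}",
        "fcnt": fcnt,
        "fport": body[0] if body else None,
        "ciphertext": body[1:],   # unreadable without AppSKey (NwkSKey if FPort 0)
        "mic": phy[-4:],          # AES-CMAC tag; checking it needs NwkSKey
    }

class FCntTracker:
    """Per-device uplink counter check (assumption: no 16-bit rollover yet)."""
    def __init__(self):
        self.last = {}

    def classify(self, frame: dict) -> str:
        prev = self.last.get(frame["dev_addr"])
        if prev is not None and frame["fcnt"] < prev:
            return "stale"    # older counter: drop as a replay
        if prev == frame["fcnt"]:
            return "repeat"   # same counter: retry of an unacknowledged uplink, or a replay
        self.last[frame["dev_addr"]] = frame["fcnt"]
        return "new"

def sample_frame(fcnt: int) -> bytes:
    """Constructed capture: ConfirmedDataUp, made-up DevAddr, payload and MIC."""
    header = bytes([0x80]) + struct.pack("<IBH", 0x01020304, 0x80, fcnt)
    return header + bytes([2]) + bytes.fromhex("a1b2c3d4e5f60718293a4b") + bytes.fromhex("deadbeef")
```

A "repeat" result is expected during normal operation with confirmed uplinks, since a retry reuses the same frame counter; deduplication and MIC validation happen on the network server.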


Recommendations

  • Secure physical access to sensors with tamper-evident enclosures.

  • Mask or epoxy UART ports where unused.

  • Maintain firmware currency via Dragino updates and notices.


Conclusion

The Dragino LHT65S sensor passed all critical and major security tests with no exploitable high-risk vulnerabilities. Its physical security could be improved, but wireless communications, firmware protection, and operational design are suitable for deployment in secure environments.


This report is intended for internal compliance and client submission purposes.
