Sigfox doesn't do IP and is therefore secure, says UK IoT network operator

Bold claim by WND-UK grand fromage

UK-based Sigfox network operator WND-UK has opened up a little on why it thinks Sigfox is significantly better, in security terms, than other competing Internet of Things connectivity standards.

Managing director Neil Forse – who rather grandly announced earlier this year that WND would put more Sigfox connectivity around the UK than there is 4G coverage – said that Sigfox-enabled devices "are not directly connected to the internet".

While they sort-of are connected to the internet, Forse elaborated: they use Sigfox's proprietary protocol rather than the usual internet protocol (IP) that most other cheap 'n' cheerful devices use.

Forse said in a WND statement: "Sigfox-enabled devices have a built-in behaviour; when this requires data to be transmitted or received, a device will communicate via a radio message. Each message is picked up by several access stations and is delivered to the Sigfox cloud network over a secure VPN, which then relays it to a predefined destination, typically an IoT application. Because Sigfox devices don't have IP addresses, they are not addressable for rogue hackers to gain access."

This is partly sensible, and part "come on, hackers, give it a go", albeit unintentionally. If a device has an external connection, odds are that some ne'er-do-well will get into it and cause mischief. What matters is how few methods of access there are for said ne'er-do-wells.

"Such a security design ensures that Sigfox-ready devices are prevented from sending data to arbitrary devices via the internet," Forse added, "and are shielded from interception by strict firewall measures."

This compares reasonably well to Sigfox's own "Universal Declaration of IoT Rights" from the beginning of this year. It's a bit more believable, for starters, and doesn't contain whimsical nonsense. Yet it's still making a selling point of Sigfox IoT devices being somehow resistant to hacking.

On the flip side, given that – so far – no Sigfox network appears to have suffered a widely publicised hack, perhaps they have a point. We wrote at the beginning of this year that Sigfox was leading with its chin on security, but so far their pride appears to have been borne out by reality.

WND-UK is a spinoff of networks firm WND, which mainly operates around South America. The UK IoT networks market is pretty quiet, with the bigger deployments of IoT tech mainly consisting of sponsored trials in certain towns and cities such as Milton Keynes. Sigfox's main unlicensed-spectrum rival, LoRa, has been quietly gaining ground while mobile network operators' preferred IoT tech, NB-IoT, has stalled after an initial flurry of marketing hype. ®

Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022