Language: English
10-18, 11:00–11:50 (America/New_York), Track 2 (206a)
Meshtastic excels in emergencies and off-grid communication but can falter when adversaries exploit vulnerabilities. This open-source platform enables decentralized, long-range communication via LoRa-based mesh networks, ideal for remote or crisis scenarios. However, it also introduces security risks, including physical attacks, privacy leaks, poor key management, and susceptibility to jamming. This talk analyzes Meshtastic’s encryption and authentication mechanisms, highlighting potential compromises and demonstrating how attackers can exploit these flaws. We'll provide technical breakdowns, simulated attack scenarios, and real-world case studies, equipping attendees with actionable insights to secure their mesh networks effectively. Whether you're a hobbyist exploring off-grid communications or a security expert assessing decentralized systems, you'll leave armed with the knowledge and strategies to protect your Meshtastic devices. Join us to explore the critical vulnerabilities within mesh network security and learn how to fortify these powerful yet potentially fragile systems.
- Quick personal introduction - In the industry for over 28 years and active in the security community since the first THOTCON in 2010. Founder of Hak4Kidz (2014) and BSides312 (2023). After starting as a LAN admin for 5 years, I moved to the other side of the conference room table after transitioning to technology manufacturing in 2000. My background spans email hygiene, encryption, endpoint protection, edge protection, threat hunting, malware research, and building custom electronics as a #badgelife member. Outside of tech, I'm passionate about mastering the art of BBQ, curing bacon and fish (but not at the same time), making corned beef, and crafting my own ketchup.
- Meshtastic Introduction - Meshtastic is an open-source, decentralized communication platform that allows users to create off-grid, long-range mesh networks. It primarily uses low-powered, inexpensive devices such as LoRa (Long Range) radios to enable text messaging and GPS location sharing without requiring cellular or Internet access. Depending on terrain and antenna setup, Meshtastic devices can communicate with each other over distances of several miles. A distance of 331 km between two nodes has been recorded.
- Key features of Meshtastic -
- Mesh networking is a primary feature. The LoRa devices form a mesh network, relaying messages through other nodes, which allows communication over larger distances. Node relaying is configurable per device; best practice is between 3 and 7 hops.
- Off-grid communications is a strong use case. This feature is ideal for use in areas without mobile networks or Wi-Fi, such as hiking, camping, or during wide-scale emergencies. Bi-directional text messages can be exchanged between members. GPS is an optional feature supported by some devices.
- Low power consumption is a valuable feature especially for long durations off-grid or extended periods of time without generally available communications. Battery size is decided by the device owner and can easily be replaced.
- The project is fully open-source, and some fantastic contributions have extended its initial capabilities. For example, in version 2.5.2 remote admin capabilities were expanded upon to increase security. This helps reconfigure your node when it's high up on a building, a tower, or on a mountain top.
- Meshtastic is cross-platform. It has a mobile app for Android and iOS. There is also a browser-based client for configuration and messaging on desktops or laptops.
- The introduction of Meshtastic has fostered a new community of radio enthusiasts, without requiring a HAM license, who enjoy sharing their custom creations and outdoor antenna setups.
- Additional details -
- LoRa operates utilizing ISM radio bands. ISM is an international reservation for some of the radio spectrum specifically for Industrial, Scientific, and Medical communications.
- EU operates in frequency bands of 433 MHz or 686 MHz of the ISM band.
- North America operates in the frequency band of 915 MHz of the ISM band.
- Data rates vary from 0.09 Kbps to 21.88 Kbps. Speeds are configurable presets which are coupled with range options for optimal performance.
- Device encryption is enabled by default with either AES-128 or AES-256. A PSK is used to join the mesh.
- Security - While specific, documented attacks on Meshtastic may not be prevalent, general security concerns and potential attack vectors can apply to LoRa-based mesh networks and Meshtastic-like platforms. Here are some known or potential risks:
- Physical Attacks on Nodes
- Privacy Leaks (Location Data Exposure)
- Weaknesses in Key Management
- Exploitation of Software Vulnerabilities
- Denial of Service (DoS) Attacks
- Replay Attacks
- Man-in-the-Middle (MitM) Attacks
- Eavesdropping and Interception
- Message Injection or Spoofing
- Jamming Attacks
- Physical Attacks on Nodes - Meshtastic devices (LoRa nodes) are often small, portable, and deployed in remote or outdoor locations. They can be physically tampered with, stolen, or destroyed by adversaries.
- Privacy Leaks (Location Data Exposure) - Meshtastic supports GPS location sharing, which can be a privacy concern if not properly secured. An attacker could track users by intercepting unencrypted location data.
- Weaknesses in Key Management - The security of encrypted communications depends on how well the cryptographic keys are managed and shared among nodes. Poor key management practices, such as using weak or publicly known keys, could lead to compromised security.
- Exploitation of Software Vulnerabilities - Since Meshtastic is open-source, vulnerabilities could/do exist in the firmware or software. Malicious actors could exploit software bugs to cause unexpected behavior or bypass security mechanisms.
- Jamming Attacks - LoRa communication is susceptible to jamming attacks, where an adversary transmits noise or disruptive signals on the same frequencies, preventing devices from communicating with each other. LoRa operates over the ISM (Industrial, Scientific, and Medical) band, which is susceptible to jamming, but chirp spread spectrum modulation (supported by LoRa) makes it more resistant than simpler radio systems. However, this cannot completely prevent jamming.
- Best Practices -
- Physical Countermeasures: Securing the physical devices and monitoring their locations can help mitigate this risk. Devices may also use tamper-evident designs to detect and report tampering.
- Enable Encryption: Always use AES-256 encryption for communications to prevent unauthorized access.
- Secure Key Management: Share encryption keys securely, and rotate keys regularly. Use strong, unique encryption keys for each network and securely share them only with trusted participants.
- Limit GPS Sharing: Ensure location sharing is encrypted, and avoid broadcasting GPS data in insecure or sensitive situations. Only share location data when necessary.
- Monitor Network Activity: Pay attention to unusual network behavior that may indicate a DoS or eavesdropping attempt.
- Keep Firmware Updated: Regular updates, patches, and thorough community code review are critical for reducing the risk of software vulnerabilities. Regularly update Meshtastic firmware to patch any known vulnerabilities.
- While Meshtastic is a useful and flexible platform for off-grid communication, it is important to remain aware of these potential attack vectors and apply appropriate security practices to safeguard the network and its users.
- My asks - 1) support the mesh (add node and code), 2) vet the code, 3) stay safe.
- Resources - This slide will contain a list of online resources to enable attendees, as well as my contact information if they need help.
- Questions
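
The "Weaknesses in Key Management" risk and the "Secure Key Management" practice in the outline above can be checked mechanically. The following is an added example, not part of the talk or of the Meshtastic project: a Python audit of channel PSKs supplied as base64 text. The function names, channel names and keys are constructed for illustration, and treating a one-byte PSK as the published default key is an assumption taken from Meshtastic's public documentation, not from this page.

```python
import base64

def audit_psk(psk_b64: str) -> tuple[str, str]:
    """Classify one channel PSK (base64 text) as ('fail' | 'warn' | 'ok', reason)."""
    try:
        key = base64.b64decode(psk_b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return ("fail", "PSK is not valid base64")
    if len(key) == 0:
        return ("fail", "empty PSK: channel traffic is not encrypted")
    if len(key) == 1:
        # Assumption (Meshtastic public docs): a one-byte PSK selects the
        # published default key or a trivial variant of it.
        return ("fail", "one-byte PSK: publicly known default key")
    if len(key) not in (16, 32):
        return ("fail", f"{len(key)}-byte PSK: not an AES-128 or AES-256 key")
    # Heuristics for keys that were typed or patterned rather than generated.
    steps = {(b - a) % 256 for a, b in zip(key, key[1:])}
    if len(set(key)) < len(key) // 2 or len(steps) == 1:
        return ("fail", "repeated or sequential bytes: key looks non-random")
    if all(0x20 <= b < 0x7F for b in key):
        return ("fail", "all printable ASCII: looks like a typed passphrase")
    if len(key) == 16:
        return ("warn", "AES-128 key: the talk recommends AES-256")
    return ("ok", "AES-256 key with no obvious weakness")

def audit_channels(channels: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Audit a mapping of channel name -> base64 PSK."""
    return {name: audit_psk(psk) for name, psk in channels.items()}

# Constructed sample data: made-up channel names and keys, never used on air.
_KEY32 = bytes.fromhex(
    "9f3c1a7be4d208565bc9e07d31a84f62c7150e9a4b6d83f02e71b5ca08d3469e"
)
SAMPLE_CHANNELS = {
    "primary": "AQ==",
    "open": "",
    "patterned": base64.b64encode(bytes(range(16))).decode(),
    "passphrase": base64.b64encode(b"password12345678").decode(),
    "aes128": base64.b64encode(_KEY32[:16]).decode(),
    "aes256": base64.b64encode(_KEY32).decode(),
}

if __name__ == "__main__":
    for name, (severity, reason) in audit_channels(SAMPLE_CHANNELS).items():
        print(f"{severity.upper():4}  {name:10}  {reason}")
```

A key that passes these checks is not proven random; the heuristics only catch the common failure modes of default, typed and patterned keys.
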
David Schwartzberg is a cybersecurity expert with nearly 30 years of experience in data protection, ethical hacking, and threat defense. He founded Hak4Kidz, a nonprofit teaching cybersecurity to kids, and speaks at top conferences like Black Hat Arsenal, GrrCON, and Shmoocon. Known for his technical depth and mentorship, David is a leader in the infosec community, passionate about inspiring the next generation of ethical hackers. He likes warm hugs.