
Ask HN: Securing IoT Device - seizethecheese
I&#x27;m building an IoT product that basically sends the data from a single sensor over the web. Since it&#x27;s so simple, I&#x27;m planning on building no over-the-air update functionality, and the device will store no data. Is this enough to consider the device secure?
======
czbond
I doubt it - but "secure" is a very broad term without context. Without
knowing the type of data being sent, and whether the overall collection over
time could be insecure, you also have the underlying operating environment.
Most sensors utilize a version of linux, Bluetooth low energy, or wi-fi, all
of which have security risks. Also, if you have any accessible ports [usb,
network] they are prone to physical attacks. Hope it helps.

~~~
seizethecheese
Thank you.

There are no ports. There's only a serial bootloader, but in operation there's
nothing plugged in.

The device does connect to the internet via WiFi, but only once every 12 hours
for about 3 seconds and then it shuts down.

~~~
czbond
That is definitely a very low security risk footprint then; especially if it's
an outbound request (eg: outbound GET / POST, etc). No physical ports of
anytype (BLE, USB, etc) also makes it a very low risk. So you're ahead of
easily 99.999% of all sensors

------
xxdesmus
no telnet? no SSH? Probably OK then.

~~~
seizethecheese
Thanks.

