While I’m thoroughly enjoying the relatively simple and well explained projects at RNT, I’m increasingly growing concerned about the security risks of connecting vulnerable components to my otherwise well secured Wifi network.
There are plenty of articles on IoT security but they are highly technical and mostly raise concerns rather than addressing them.
It would be great if Rui or someone knowledgeable in the field could write an article about the vulnerabilities and best practices in the context of RNT projects.
– Preferably in the same easy to understand manner and with the same practical approach that we love so much about RNT.
Hello Gabor, I hope you are doing well and thanks for the subject suggestion.
I’m not an expert on this topic, but in my option this is the best way to secure your devices.
First, start by having a good local network security (your router) or even a firewall. Use a router from a well-known brand with software updates. That router should give you the option to have multiple networks (and you only give the password to guests using a guest network, etc).
When it comes to Wi-Fi connected devices in your network (like printers, outlets, eWeLink, Alexa, Mi Home, LifeSmart, etc), you can’t trust those devices, you need to rely that those devices and services are being updated and secure for you. However, you don’t have any control over that…
Hackers also try to find the services/devices that most people use, so their attack is more effective.
In most of the cases, having a good router and being picky with the devices in your network is 90% of the work…
Like in everything, there’s no perfect solution, if someone really wants to get access to your devices, there’s always a way…
Rui, thanks for your quick response.
“When it comes to Wi-Fi connected devices in your network (like printers, outlets, eWeLink, Alexa, Mi Home, LifeSmart, etc), you can’t trust those devices, you need to rely that those devices and services are being updated and secure for you.”
This is exactly what makes me concerned about the growing number of microcontrollers on my wifi network.
Do I blindly trust Amazon’s Alexa for example? Not really, but at least I hope that if and when a security vulnerability is discovered, the manufacturer would release a patch which addresses the known issues.
This is not the case however, with many of the microcontrollers, which don’t receive automated updates.
There are articles out there – like the one I link below – which discuss the security aspects of a microcontroller, but these are too technical for my level of involvement with the inner workings of the hardware.
I was hoping that someone would chip in and briefly explain the security risks of these microcontrollers in layman’s terms or point me to the right source.
Where’s what I can say on this topic: I understand some of those IoT security concepts, but to be honest IoT security is something that I don’t know enough to feel comfortable giving advice.
I don’t have any stats, but I think that most attacks occurs when someone has physical access to your devices or it’s near your devices (connected to the same network).
What that Medium post says is more about protecting your ESP firmware and encrypting it (it’s to protect your final products from consumers/other competitors that can’t retrieve the original code to copy it).
Or it can be used to validate that you’re running the genuine code that the manufacturer used when it shipped the product.
I think this is the most important subject protecting the ESP using HTTPS for external requests:
I think that keeping all your devices updated in your network, is often the best practice and 90% of the work.
The ESP32/ESP8266 community is very active and if a security problem appears, I bet that within a couple of weeks if you update your libraries and ESP32 add-on for Arduino Core, you can re-compile your old code with the security issues will be fixed.
You’re welcome! I’m sorry, I couldn’t help much… I would also recommend looking into HTTPS (as I suggested in my previous link), I’ll also try to post a project on that subject in a few weeks.