Hi all,
I’m recently working with the RAK3172-SiP and I use it with AT commands.
It works great, but I’m a little concern about security. Let me explain.
I have a microcontroller and a Secure Enclave with all the passwords and key sessions encrypted, but this security is useless when I use the AT commands.
This is because AT commands are based on plain text, easy to read by anyone. So, it would be enough to look for an APPKEY=xxxxx command or just typing APPKEY=? to get the key and other parameters.
My product is not military or critical device at all, but it will be affected by the new CE RED certification and sure the CRA on where security is the key factor to succeed for the certification.
Is there any plan to have a AT encryption layer to avoid to expose the secure keys and data between the host and the RAK3172?
Thank you so much.
Regards,
David