AT layer security

dbagan · June 28, 2024, 6:55am

Hi all,

I’m recently working with the RAK3172-SiP and I use it with AT commands.
It works great, but I’m a little concern about security. Let me explain.
I have a microcontroller and a Secure Enclave with all the passwords and key sessions encrypted, but this security is useless when I use the AT commands.
This is because AT commands are based on plain text, easy to read by anyone. So, it would be enough to look for an APPKEY=xxxxx command or just typing APPKEY=? to get the key and other parameters.
My product is not military or critical device at all, but it will be affected by the new CE RED certification and sure the CRA on where security is the key factor to succeed for the certification.
Is there any plan to have a AT encryption layer to avoid to expose the secure keys and data between the host and the RAK3172?
Thank you so much.

Regards,
David

beegee · June 28, 2024, 7:01am

We do not have plans to add such an security layer to the AT commands.
What you can do is to lock/unlock the serial port with a password.
AT+PWORD
AT+LOCK

Or, if you are using custom code based on RUI3, you can disable the AT commands for the credentials and add your own custom AT commands with encryption.

dbagan · July 5, 2024, 11:22am

Thanks Bernd for your response

Regards.
David