RUI3 and security

Hi,

I have some questions about security :slight_smile:
I may have a large amount of object to deploy based on RAK4631. I plan to use RUI3 and I’m thinking about protections I can implement.

I can start with AT+LOCK / AT+ PWORD but I will “just” lock BLE/Serial commands.

  1. Is something else possible ?
  2. We agree that credentials (devEUI, AppKey etc …) are stored in flash memory so it’s pretty easy to dump it ?

regards

At the moment RUI3 doesn’t have any other security measures than UART lock.
Credentials are in the Flash memory, you are correct, they can be read out.

Ok thanks for this clarification :smiley:

Adafruit_nRFCrypto included in package seems outdated (and hmac functions could be useful here), any reason ? Could I take the last version (I imagine I will have to modify headers) ?

Sure, you can try. That’s one of the reasons we made it open source.

Yep of course ! I just wanted to know if there was any “big” obstacle about this update. If not I will try as it :wink:

Let us know how it worked.

1 Like