I have some questions about security
I may have a large amount of object to deploy based on RAK4631. I plan to use RUI3 and I’m thinking about protections I can implement.
I can start with AT+LOCK / AT+ PWORD but I will “just” lock BLE/Serial commands.
Is something else possible ?
We agree that credentials (devEUI, AppKey etc …) are stored in flash memory so it’s pretty easy to dump it ?
At the moment RUI3 doesn’t have any other security measures than UART lock.
Credentials are in the Flash memory, you are correct, they can be read out.
Adafruit_nRFCrypto included in package seems outdated (and hmac functions could be useful here), any reason ? Could I take the last version (I imagine I will have to modify headers) ?