RUI3 and security

Batto · June 7, 2024, 1:27pm

Hi,

I have some questions about security
I may have a large amount of object to deploy based on RAK4631. I plan to use RUI3 and I’m thinking about protections I can implement.

I can start with AT+LOCK / AT+ PWORD but I will “just” lock BLE/Serial commands.

Is something else possible ?
We agree that credentials (devEUI, AppKey etc …) are stored in flash memory so it’s pretty easy to dump it ?

regards

beegee · June 10, 2024, 10:11am

At the moment RUI3 doesn’t have any other security measures than UART lock.
Credentials are in the Flash memory, you are correct, they can be read out.

Batto · June 10, 2024, 11:24am

Ok thanks for this clarification

Adafruit_nRFCrypto included in package seems outdated (and hmac functions could be useful here), any reason ? Could I take the last version (I imagine I will have to modify headers) ?

beegee · June 10, 2024, 11:56am

Sure, you can try. That’s one of the reasons we made it open source.

Batto · June 10, 2024, 2:49pm

Yep of course ! I just wanted to know if there was any “big” obstacle about this update. If not I will try as it

beegee · June 11, 2024, 1:11am

Let us know how it worked.

system · July 11, 2024, 1:12am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.