Hello
I have just been reading an article on TLS and it suggests that TLS uses up a significant amount of bandwidth so, in the interest of reducing the data to & from thinger.io I was wondering if TLS is actually required when using Arduino, ESP8266 or ESP32?
I am fairly new to IOT so I was wondering if anyone could explain why TLS/SSL might be required for an IOT device with Embedded F/W, which presumably couldn’t be hacked (right)?
Thanks
Mark
If you are fine with you data potentially been disclosed / compromised, you might compile with the directive:
#define _DISABLE_TLS_
and work without TLS
Is not always required, but it gives a better grade of security.
A dataphone is the same thing (a electronic device with embedded fw that communicates with a platform), but of course the information is highly sensitive to be hacked (and bad people that may be interested in hack that).
It depends if you want to protect the info or not.
Hope this helps.
So TLS/SSL does not protect the device itself from being hacked, it just prevents the data from being intercepted? Right?
I am concerned about the security of the IOT devices that I am preparing to deploy, has anyone every heard of a simple IOT device being hacked? Is that even possible considering that (in theory) it is not possible to install any additional F/W on the device without loading it via the bootloader. Is there a greater risk of hacking if OTA is enabled in the FW?
Thanks
Mark
Frankly, I do not believe that your self-built IOT device is an interesting target to hack.
Consumer IOT devices are the golden target for hackers: they run to millions with the same code and their owners have basically no clue and no control of the code they run.