Ask HN: Do I protect my IoT project by not doing over-the-air updates?

2 points by seizethecheese ↗ HN
I'm working on a simple piece of hardware that just sends a single data point. I don't foresee many needs to change the firmware.

It seems like many of the IoT security problems step from "hijacking" from over-the-air updates, and that I can avoid this by not allowing them. Is that true?

2 comments

[ 45.1 ms ] story [ 1632 ms ] thread
On one hand, you get rid of a big attack vector.

On the other, if a vulnerability in your code exists, it's there for good.

Thank you.

If there's no infrastructure for updating the code, what vulnerabilities that could exist should I be aware of?