Ask HN: Securing IoT Device

3 points by seizethecheese ↗ HN
I'm building an IoT product that basically sends the data from a single sensor over the web. Since it's so simple, I'm planning on building no over-the-air update functionality, and the device will store no data. Is this enough to consider the device secure?

5 comments

[ 0.21 ms ] story [ 27.1 ms ] thread
I doubt it - but "secure" is a very broad term without context. Without knowing the type of data being sent, and whether the overall collection over time could be insecure, you also have the underlying operating environment. Most sensors utilize a version of linux, Bluetooth low energy, or wi-fi, all of which have security risks. Also, if you have any accessible ports [usb, network] they are prone to physical attacks. Hope it helps.
Thank you.

There are no ports. There's only a serial bootloader, but in operation there's nothing plugged in.

The device does connect to the internet via WiFi, but only once every 12 hours for about 3 seconds and then it shuts down.

That is definitely a very low security risk footprint then; especially if it's an outbound request (eg: outbound GET / POST, etc). No physical ports of anytype (BLE, USB, etc) also makes it a very low risk. So you're ahead of easily 99.999% of all sensors