Page 1 of 1
Security
Posted: Fri Oct 21, 2016 2:11 am
by ch_triona
Newbie question: being able to program the data logger wirelessly over BLE is a nice feature, but it opens up all kinds of security nightmares for devices in production (as I understand it, anyone with a BLE dongle could actually reprogram the device without even getting into the vehicle, since pairing isn't required). Is there any way to disable wireless programming altogether?
Re: Security
Posted: Fri Oct 21, 2016 8:07 am
by mikebolt
That is a great question. I don't think that there is any way to disable wireless programming via BLE. You could try to remove the whole BLE module, but it looks like it's soldered in, and doing so might make your device unusable.
The
pcb schematic doesn't seem to show the BLE wiring. If we knew how it was hooked up with the Arduino chip, then
maybe we could send a signal to the BLE chip that would disable that function at startup (leaving it enabled for possibly a fraction of a second when the device is powered on).
In the future I would like to see the bluetooth module as an optional addition. Alternatively, there could be some hardware that would ensure that data is only transmitted by the device, not received. The ability to receive data could perhaps be manually enabled by the firmware after startup if required.