Hi all.
I need to know.
If I leave a device to be working as a node or router or repeater out there in the woods or in the bush, can anyone basically just climb and look at the node and read the messages exchanged? Or worse, can they simply steal it and get access to the encryption key for the channel I’m using?
Thanks!
By default nodes also relay messages they can’t decrypt, so you don’t have to enter the encryption key. Just make sure the LoRa settings match.
Along that same line, is there a way to protect the Admin channel on a node?
I often hand out nodes for team use and have the nodes set to default pin which the temporary user needs to connect their phone.
Would it be possible to require a separate pin to access the Admin channel or frankly all settings that a temporary user should not have access to?
Good to know others are actively thinking on this.
Thanks for posting the link.
I would be content to have need of a separate pin to start an Admin session as was mentioned in the feature request. But if greater minds come up with a better solution, that would be wonderful too!
I am in the Monterey Bay Area and a few months ago I was the lone Mesher, yesterday I had over 50 nodes showing active in my area! With the explosion in activity, the odds of a bad actor exploiting vulnerabilities for fun is increasing.
Just thinking…
The Admin channel could be moved out of the channels list and made a completely separate feature, such that temporary users would not even see the Admin channel in the first place.
Admin could be moved to its own setting tab and require a pin to open the tab.
Under the admin tab could be an “allow” list of features and settings the Administrator can enable or disable, including the remote access session controls.
If you connect the device directly to usb port of your cellphone by data cable don’t need any pin. You can also dump the memory out (e.g. espressif tool).
Workaround: you could destroy the usb port and flash firmware over bluetooth.
Thanks for your answer!
You might want to activate Managed Mode for devices you give to inexperienced users.