top | item 19487277

(no title)

Nice project, but why are all hardware guys designing projects without ANY security?

Page 14, the guide explains the connection to the modem is possible with Telnet with no password...

That's a common issue in IoT and embedded systems, it seems, so I'm wondering if there is a reason why hardware developers just fail at security ?

discuss

F4HDK|7 years ago

I'm F4HDK, the creator of these NPR modem. The unprotected telnet access is only for local management, especially when you connect only 1 PC to one NPR Client modem. If you need security for accessing configuration/management features of the modem, then you can deactivate the telnet server inside the modem, and put a R-Pi dedicated for that feature, which will be plugged locally to the modem via USB. Then you access the R-Pi via SSH. This is explained in the "advanced user guide". But of course trafic will be kept unecrypted, due to amateur-radio regulations. (telnet is only for management-configuration).

microcolonel|7 years ago

This protocol is designed for HAM, and for the most part you can not make encrypted transmissions over amateur radio.

kerouanton|7 years ago

Maybe (I'm also a HAM licensee) but making a device available on a IP network without any authentication and weak protocols such as telnet doesn't justify this.

bjt2n3904|7 years ago

To chime in, the hardware build looks like a microcontroller connected to an SPI based ethernet chip. SSH is likely not an option here.