ESP8266 Community Forum

Hey guys,

I'm working on a BLE IoT device and because of battery concerns, I'm also working on creating a WiFi-BLE bridge. I'd like to use ESP8266 for the WiFi portion of this bridge but I'm a bit concerned about the security of the connection. Users can create an account and these credentials will be used to authenticate with a cloud server. The gateway will send and receive commands from this server. My question is if security is a concern, is ESP8266 simply not a good choice?

Any other pitfalls I should consider before using ESP8266 in a massively produced product?

Thanks.

ESP8266 is only concerned with the short path between it and the router. The rest of the info goes over the regular net. So, if you send username and password unencrypted to ESP8266, it might encrypt it on the way to the router, but from there on, it is in plaintext again. I think that if that is secure enough for you, you shouldn't worry about ESP8266's security.
On the other hand, if you don't want to transmit it in plaintext, but encrypt the data on the way (https?), no one, including your ESP8266 should be able to eavesdrop (well, except for some backdoors that might be there in the particular protocol you use... but that has nothing to do with ESP8266).

So, if you worry, I'd use https, and if not, then I wouldn't worry.

Also consider the modules or the chip arent FCC certified, so you can't sell it legally. Perhaps you can get around this if you dont sell an antenna with it (sold serparately).

as for security I would go the ssl route. Dunno if the library they use is based on the latest openssl..