I have just read some articles online about how some companies store private data on microcontrollers in their products. An example of this would be the supra ibox because it uses a ti msp430. How secure is the Photon and does the Photon have good enough security to be used in this manner? If so how would I be able to access the data on the Photon and what are the Photon’s attack surfaces?
How is this different from this?
The particle products are platforms - at present all the platform stores are keys and hosts so that they can communicate securely with the cloud.
What others may store on either a device or the cloud, is beyond particle’s control.
There is nothing anyone can do to stop you storing credit card numbers, or PINs on a particle device.
The same applies to attack surfaces, the nature, size and venerability of these is completely in your control; beyond the single, optional encrypted cloud connection.
FYI I am only talking about the Photon itself and not the Particle cloud. That thread was about the Particle cloud. I am talking about if you put the Photon in a device instead of a p0 or P1 and some one could access the USB port or pins of the Photon could you harden the Photon in software?
The answer is in the section I quoted from @AndyW above. This is an embedded processor device and you are in control over the security aspects. Photon and P0 and P1 are as hard or soft as you make them. Good security always comes in layers and it would be your responsibility to add them as you see fit, from changing the bootloader to be more secure to adding physical security and cryptographic protocols.
If an attacker has physical access to the device and enough time and knowledge, there is probably nothing they could not do. You only need to look at smart card attacks here and here through the years to imagine the types of things that can be done.