OTA using SoftAP

Concerning using the Photon, which is the only thing I use from Particle. All of the clients I design products for require no cloud connections. Some require that it only connects to their router, and provides an open port to get/send data. The others demand the Wi-Fi is off permanently. This has always presented an issue for me concerning firmware updates, because let’s be honest, most customers are in no way going to be able to use CLI to update their device. If it’s not a GUI it isn’t happening.

I have this feature on all of my devices. The user does a special dance of button sequences on power up to turn SoftAP on. They point their browser to the device’s IP, and it serves up the settings page. When they click save, it turns off the Wi-Fi and reboots.

The curious thought today was why can I use SoftAP serving up my web page to allow the user to upload a new firmware file, and flash itself. Has anyone done this?

I am interested to know why users “demand the WiFi is off permanently”. Is this a concern about the security of the Particle device and it being hijacked as a bot? Or is this because of support for WPA Enterprise?

I assume the Photon is in a sealed container and therefore there is no physical access to the microUSB port and JTAG pins/pads. Otherwise this WiFi security concern is a bit misplaced. The softAP is unsecured so is more of a risk than WiFi and cloud comms with encryption and security keys. I get the settings page access from softAP but can’t see how or indeed why from a security viewpoint you would want to flash that way and not by cloud connection.

@armor.

Companies like the Rail Road, 911 centers, and others in this kind of camp refuse to have a device connected to the cloud or anything else due to safety concerns. Only in rare instances do they allow it but it would be in a very controlled environment if they did allow it.

When it comes to the companies listed above, field guys are given a laptop, but they cannot install any software unless it’s approved. It must first go through a rigorous certification process that takes a long time to complete. So even if the field guys took the lid off the device and plugged in the USB to flash it, there would be no way they would certify CLI to be installed on a laptop for field use. Not to mention CLI is not something that you can just teach to someone knowing nothing of electronics in 5 minutes.

On the flip side, if they take the lid off and press a micro button for 10 seconds to enable SoftAP, then simply use their browser to upload new firmware, that would be acceptable and hack proof.

Any device that can be updated by the cloud can also be hijacked by the cloud. When it comes to people’s safety it’s best to not cloud connect anything.

I have got customers of devices who are electricity distribution and transmission companies which is classed as CNI (Critical National Infrastructure) here and they won’t turn on or allow the devices to connect to the internet via WiFi either. But, they would allow a cellular connection because it is not via their network. I guess I have to ask why use a Photon and not some Arduino device with no WiFi?

Lastly, why is a locally initiated and unsecure WiFi connection that could be subject to Man in the middle attack OK and how is the binary assured to be uncorrupted? I assume these organisations feel that physical access security they feel is under their control to be better than cryptographic security. You could consider a secure switch to allow the device to allow OTA and ensure the default is off.

You can use an SD card like this post: Flashing an Electron or Photon from an SD card. Simply use the softAP protocol to transfer the new firmware one piece at a time onto the SD card, and then use that library to perform the update.

But also, have you considered an Electron? A cell connection could be only used for OTA. Not sure what exactly your product is so I can’t comment on what “hijacking” means for you but there may be out of the box solutions for your greater problems here.

2 Likes
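The piece-by-piece transfer suggested above, with a check that the staged file arrived complete and uncorrupted before anything is flashed, as an added example that is not code from this thread or from Particle. The image layout (payload followed by a 4-byte big-endian CRC-32 trailer), the `fw_*` names and the RAM staging buffer are assumptions made for illustration. A CRC only catches corruption; detecting a deliberately modified image over the open SoftAP link would need a signature or MAC checked at the same point.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define STAGE_MAX 4096 /* constructed limit; a real device would stage to SD card or external flash */

typedef enum { FW_OK, FW_ERR_SIZE, FW_ERR_ORDER, FW_ERR_LENGTH, FW_ERR_CRC } fw_result_t;

typedef struct {
    uint8_t buf[STAGE_MAX];
    size_t expected; /* total upload size, 4-byte CRC trailer included */
    size_t received;
} fw_stage_t;

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

fw_result_t fw_begin(fw_stage_t *s, size_t total) {
    if (total <= 4 || total > STAGE_MAX) return FW_ERR_SIZE;
    s->expected = total;
    s->received = 0;
    return FW_OK;
}

/* Accept only the next in-order piece, and never more than was announced. */
fw_result_t fw_chunk(fw_stage_t *s, size_t offset, const uint8_t *data, size_t len) {
    if (offset != s->received) return FW_ERR_ORDER;
    if (len > s->expected - s->received) return FW_ERR_SIZE;
    memcpy(s->buf + offset, data, len);
    s->received += len;
    return FW_OK;
}

/* Only a complete image whose trailer matches may be handed to the flasher. */
fw_result_t fw_finish(const fw_stage_t *s) {
    if (s->received != s->expected) return FW_ERR_LENGTH;
    size_t n = s->expected - 4;
    const uint8_t *t = s->buf + n;
    uint32_t want = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) | ((uint32_t)t[2] << 8) | t[3];
    return crc32_calc(s->buf, n) == want ? FW_OK : FW_ERR_CRC;
}
```

The web handler would call `fw_begin` with the announced upload size, `fw_chunk` for each received piece, and start the update only when `fw_finish` returns `FW_OK`.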

A few reasons.
#1) The Photon has A LOT more to offer than Arduino does. Now I am entitled to my opinion here, so don't anyone slam me for saying this. IMHO, Arduino is a royal joke, the IDE is laughable, and I would laugh at any engineer that would stick an Arduino board into a commercial or industrial product.

#2) Many locations do not even have a cellular network. Not to mention the cost of adding something with a SIM card for data just for the rare update would not justify the cost.

#3) If you are a company that makes many products that all require a micro of some sort, it's more economical to try to use one platform and stock that in bulk than 12-15 of every other kind. Not to mention code portability using the same micro and IDE from project to project saves a lot of time.

Every location has what is called a bungalow. You see them all the time mainly at every RR crossing.
They are all locked & secured. One would have to break into one of them, take the lid off one of our devices, know how to put it into AP mode, know its browsers IP address and then do what? How are you going to hack it even if you know that stuff? All you can do is upload a file with a user name and password that locks you out for 30 minutes after 1 wrong entry. A man in the middle attack is really pointless because in the 30 seconds it takes him to turn the AP on, and upload the file the AP is off. So even knowing what they did is useless for the hacker because the AP is now off, and won't be back on again if and when another firmware needs to be updated.

Lastly, and most importantly why AP mode is my favorite thing to do is for the device setup. Many devices need an OLED, LCD, VFD, keypad, and buttons to set up parameters for the device. This is a huge cost for the product. A lot of money can be saved by simply creating a web page interface to do all these same things. Turn on the AP, browse to the device's IP and boom, you have a beautiful looking GUI to set up the entire device. Once you click save, AP is off.

Now, we are getting off topic. It's not about why I want to do what I want, it's about has anyone done it before. We also use the ESP32, and firmware is uploaded this same way but the only difference there is that it's HTTPS.

1 Like

Thanks for sharing the reasons - understand the physical security solution and the reticence/concerns about internet. I agree about Arduino - perhaps not as strongly.

No problem. Outside of Particle not having a GUI programming interface, I am dumbfounded why they are not 10x more popular than Arduino. Everything they have and do is far better.

1 Like