In a recent email exchange with @Bryce, we became aware of what we believe may be an issue as we begin to launch our product. So, we are asking for some clarification.
Given that one could take any photon and flash any
PRODUCT_VERSION() to to that device…
And suppose some all-of-a-sudden not-so-nice bad person decides to flash firmware with someone else’s Product/Firmware pair (I randomly pick a number less than the last product I created).
And suppose that device does nothing but publishes at the max rate limit for Products.
Further suppose that the developers wish for and they chose to automatically move claimed Products into their Product “namespace” for lack of a better term. They made that choice because they are working with the kind of customer who 1) claims on their own and 2) performs this real-time on setup and 3) on their own schedule, independent of our knowledge.
Then, given the above, wouldn’t it be possible to then spoof the product and sit and run up the developers costs by continually publishing?
So, is this breach possible? Is our concern unfounded? If our concerns are valid, could we have some ideas on protecting ourselves from this, given that we need to automatically move our devices into our product namespace?
FIRMWARE_KEY() that could be passed during handshaking seemed like a reasonable method.
thanks for reading this and sorry if we missed something that addresses this issue.