- Hardware-wise, the device is pretty minimal — it seems to be based on the Cypress WICED IoT platform, with 100MBit ethernet and a Silicon Labs Zigbee chipset.
- As IoT devices go, it’s pleasingly minimal.That single port seems to be a COAP server running with DTLS and a pre-shared key that’s printed on the bottom of the device.
- The Android app has code for using the insecure COAP port rather than the encrypted one, but the device doesn’t respond to queries there so it’s presumably disabled in release builds.
- _udp.local query to allow for discovery.From a security perspective, this is pretty close to ideal.
- You can only authenticate with the device if you have physical access to read the (decently long) key off the bottom.
@mikko: “IKEA sets an example on how to do IoT security.” open tweet »