0

I am currently writing an app that is planned to control a machine. The machine is controlled by a Raspberry Pi, which offers an API (via Flask) to the local wifi. The app, on the other hand, is also connected to the same wifi and accesses the API. To make sure that not everybody who downloads the app and is connected to the wifi can control the machine, I set up some basic authentication.

My next step was actually to switch to HTTPS with a self-signed certificate. But the machine (the Raspberry Pi) and the app need to be in the same wifi to communicate. So there are actually no intermediaries in the communication. This again makes me wonder if there is any possibility of a man-in-the-middle attack and if I really need HTTPS communication.

So my question is: do I need HTTPS here?

Gerke

1 Answer

0

A subjective answer. First you have to decide what the risk to your machine is if someone/thing gets control of it. For most consumer applications within the household, maybe that risk is low (maybe not - what about an irrigation controller or heater?). Then why and with what probability would someone WANT to hack in (maybe if your machine is a best seller across the globe it might be a fun target). You might be surprised at how many devices are on a normal household's wifi - dozens at least. Furthermore - while most consumer devices don't rely on inbound access (most use a website to bounce control/commands through) there are probably a lot more inbound (from the internet) ports that have been opened through firewalls than you imagine.

So - I do think there are many opportunities for MITM in a normal household wifi. Whether that would be a concern in early product development - that's up to you.

This SO answer: Is it possible to prevent man-in-the-middle attack when using self-signed certificates? might be useful when actually implementing.

jwag
  • Thanks for your answer! But if we assume that the wifi is explicitly created for the Raspberry Pi (of the machine) and the device with the app controlling the Pi, then all parties in the network are trustworthy. In this scenario, is there still a possibility for MITM attacks? – Gerke Aug 26 '19 at 07:59
  • Ahh - more along the lines of say some smart light bulbs - that would of course make things much more secure since the data isn't going through a normal router. However - since we are being paranoid :-) - the data is still going through normal, standardized radio protocols. Your machine can't know who is sending those radio signals - just that whoever is presented a signed certificate. Probably the largest concern would be at setup time when you actually have to establish trust. And yes - I don't see why I couldn't hack your normal wifi, advertise the same SSID as your Pi. – jwag Aug 26 '19 at 14:27
  • Okay, I will take that with me. Thanks for your explanations, that really helped me! – Gerke Aug 28 '19 at 07:49
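
The thread above leaves open how a client can trust a self-signed certificate on a network with no CA. The following is an added example, not code from the question or the answer: a trust-on-first-use fingerprint pin on the client side, where the pin is recorded at setup time and every later connection is compared against it. The function names, the in-memory `pins` dict, the host name `machine.local` and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(der_cert: bytes, pins: dict, host: str) -> str:
    """Trust-on-first-use decision for one host.

    Returns "pinned" on first contact (the fingerprint is stored),
    "ok" when the certificate matches the stored pin, and
    "mismatch" when it does not (possible MITM, or the cert was replaced).
    """
    seen = fingerprint(der_cert)
    stored = pins.get(host)
    if stored is None:
        pins[host] = seen  # setup time: the moment trust is established
        return "pinned"
    return "ok" if hmac.compare_digest(stored, seen) else "mismatch"


def open_pinned(host: str, port: int, pins: dict) -> ssl.SSLSocket:
    """Open a TLS connection and refuse to continue unless the pin matches.

    CA validation is switched off because the certificate is self-signed;
    the pin comparison replaces it, so nothing (for example the basic-auth
    header) may be sent before this function has returned.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=5))
    verdict = check_pin(sock.getpeercert(binary_form=True), pins, host)
    if verdict == "mismatch":
        sock.close()
        raise ssl.SSLError(f"certificate for {host} does not match the pin")
    return sock


if __name__ == "__main__":
    # Constructed byte strings standing in for DER certificates.
    pi_cert, rogue_cert = b"constructed-pi-cert", b"constructed-rogue-cert"
    pins = {}
    print(check_pin(pi_cert, pins, "machine.local"))     # first contact
    print(check_pin(pi_cert, pins, "machine.local"))     # same certificate
    print(check_pin(rogue_cert, pins, "machine.local"))  # different certificate
```

The first contact is only as trustworthy as the channel it happens over, so the pin is best recorded during a controlled setup step and persisted by the app rather than kept in memory.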