How secure is my firmware hosted on the eSOMgears cloud?
All your firmware versions need to be uploaded to the eSOMgears cloud for devices to receive updates. We store them completely private so the external world does not have access to it. All registered devices which query for updates use signed URL to request specific bits. Each request is verified for authenticity before the server provides the bits.
We also never provide a full firmware image to the device for download, we only serve the delta’s, so in general even if there is an intrusion on your own device it does not get access to the full version of the product at anytime from our servers.
How secure are your REST API’s?
We provide REST API’s using which you can develop your own white labeling website. We use token verification in our REST API’s. A user who is trying to log-in to the system should have valid token which he needs to pass to any of the REST API invocations. On top of these tokens we also have validity period so that they expire after a set time limit. The time limit safeguards you if these tokens are not handled properly by your web developer.
Can others access my device?
We never access your device from cloud, only your device connects to our cloud requests for meta-data and firmware. We follow client server model wherein eSOMgears cloud is the server and your device is the client. The client connection lifetime is on per cloud request basis, meaning once a cloud request is completed the connection is immediately closed.
How good is your website security?
Our website is highly secure with https protocol only support. We hosted our website in isolation from the back-end system that hosts REST APIs. The REST API system is isolated from backend databases. So a hacker has to break into several heterogeneous layers of infrastructure before he could access any customer sensitive data.
How do you address Endless data attack on my device?
Firstly if you program it right on your device you will always contact our secure server and there is no chance of contacting an impostor. But still if you program your device using our eSOMgears device SDK, the SDK first queries the meta-data of a download before it starts the actual download. The meta-data provides the size of the delta you download, you can check it against the free storage before you issue the download. Even if you skip this step and proceed with the download the SDK verifies it for you and will not proceed if there is not enough free storage.
If you feel your questions are not addressed or you need more info please write to us at firstname.lastname@example.org or try our solution for free at https://esomgears.e-consystems.com or visit esomgears-blogs. Our device and cloud SDK are available for evaluation on request.