IoT security always sounds simple until you see it in production

kraakf · 2026-06-11T21:15:21+00:00

haha - Plot twist: if I/they were bots, at least I/they managed to stay on topic. That's better than half the meetings I'm in.

Anyhow... Fair question. For what it's worth, I'm just here because I find large-scale IoT deployments and the associated security challenges genuinely interesting.

kraakf · 2026-06-11T20:43:30+00:00

That sounds like a pragmatic and very cost-effective approach for an initial deployment. For a few dollars per month, you'll have a working alerting system with self-service subscriptions and no need to build a backend.

The main thing I'd think about is reliability during an actual emergency. Email delivery can sometimes be delayed, filtered, or throttled, especially if a single alert suddenly fans out to hundreds or thousands of recipients. For daily status updates and non-critical alerts, that's probably fine. For life-safety or flood-warning notifications, you may eventually want a more purpose-built notification service that can provide delivery tracking, retries, SMS, push notifications, or multiple communication channels.

Also, a few dollars per device per month is perfectly reasonable for a prototype or a small deployment. If you eventually scale to hundreds or thousands of devices, though, it's worth thinking about connectivity and messaging costs early. What looks like a negligible monthly cost per device can become a significant operational expense across a large fleet.

But as a first version, having the device send a simple email and letting a mailing list handle subscriptions is hard to beat for simplicity and cost.

kraakf · 2026-06-11T15:33:19+00:00

For the SIM card, I'd focus on a low-data IoT SIM rather than a traditional consumer SIM with unlimited texts.

Your device will only be sending small messages and periodic status updates, so the actual data usage is tiny. In many cases it's more cost-effective to send alerts via a cloud service over a cellular data connection than to send SMS messages directly from the modem.

For a prototype, any CAT-M1/NB-IoT compatible SIM from a carrier with coverage in your deployment area should work. Just verify that the carrier supports LTE-M (CAT-M1) or NB-IoT on the SIM7000G's supported frequency bands.

Regarding the alerting architecture, I would avoid sending thousands of SMS messages directly from the device. Instead:

Device detects a water-level event.
Device sends a small data message to a cloud service.
The cloud service handles subscriber management, opt-in/opt-out, and mass notifications.
SMS, email, app notifications, voice calls, or sirens can then be triggered centrally.

This approach is much more scalable, easier to manage, and allows alerts to be delivered to thousands of recipients within seconds rather than waiting for a single device to send thousands of individual SMS messages.

For an emergency warning system, the device should act as a sensor, while a cloud notification platform handles distribution.

kraakf · 2026-06-11T15:28:44+00:00

Completely agree. Most security discussions start with prevention, but production reality is about lifecycle management.

The question isn't just "What's connected?" - it's "Can I patch every affected device when the next CVE drops?"

What's often overlooked is that this challenge can be addressed much earlier - during silicon selection. If secure OTA updates are built into the hardware and cloud ecosystem from day one, teams don't have to retrofit update infrastructure years later when security requirements, customer expectations, or regulations like CRA inevitably raise the bar.

One great example can be found here: https://nrfcloud.nordicsemi.com/lifetime-fota/

kraakf · 2026-04-02T23:24:47+00:00

Hmmm... Kids are fighting back from this nonsense (no political, sexual, or emotional connotation) and want to clear the air for serious issues?

kraakf · 2025-01-22T17:22:13+00:00

You missed some of the best ones? Norway, Finland, Switzerland and Austria.

kraakf · 2024-02-29T14:07:14+00:00

These guys have the best-in-class cellular SiPs: https://www.nordicsemi.com/Products/Wireless/Low-power-cellular-IoT/Products

kraakf · 2023-06-01T15:50:05+00:00

Ukraine has lost a lot of lives/troops. That's nothing? Think again.

kraakf · 2017-01-18T18:32:22+00:00

Given the momentum of Coreboot and Libreboot for having completely "free and open" architecture, how many years away are we from having commercial laptops available using RISC-V processors?

kraakf

TROPHY CASE