Ubidots Community

[SOLVED] TLS Security Justification Question

Hi there :slight_smile:

My application sends data to the Ubidots dashboard using unencrypted TCP. In the API documentation, the following is stated:

Blockquote

We strongly advise to use TCP with TLS to make sure your data travels encrypted, avoiding the exposure of your API token and/or sensor data to third parties."

Blockquote

Can you please explain to me how an unencrypted message could be intercepted? As far as I understand, both cellular and WIFI (With password) signals are already encrypted, so wouldn’t further encryption be redundant? Where and how would it be possible to intercept the message that justifies further encryption?

Thank you!
Kind regards,
SWLINK

Greetings, there are a lot of resources that you may find about this topic on the internet, please give a look at some of them. We made in the past this video, explaining the generalities about data encryption that also may be referenced by you.

All the best

Hi Jota, thank you for the reply :smile: the video is very instructive and informative… It delves into a bit more real-life application details than the API documentation.

My takeaway from the video, especially the conversation from 24:00 to 26:00, is as follows.
(Disclaimer, this is my own personal takeaway from the video and online resources and I’m not claiming to be an expert in the field… in the video it is also mentioned that this is debated among Ubidots customers.)

WIFI can be considered at greater risk due to local network sniffers (although I think the WIFI username and password would still be required to “sniff” the data), but cellular based devices are less at risk to man in the middle attacks because the cellular provider uses it’s own encrypted network infrastructure. (Although José explains that the risk is not non-existent).