The security of the network and Hotspot owners is of the utmost importance to us. While the internet connection is necessary, it is only used to provide backhaul to the Hotspot for blockchain peer-to-peer and LongFi networking. As security concerns are ever present, here is what we have done, and are doing, to combat potential risks:
- The most common attack vector to get into a device like the Hotspot is inbound ports. The Helium Hotspot only requires one port open in both directions (TCP Port 44158), so all other inbound ports can be secured behind a firewall per your personal security needs.
- Helium devices are hardware secured to protect the traffic from the 900 MHz spectrum. This means the security is built-in since devices using the network have AES private key encryption at the chip level.
- Helium hardware and network comply with all FCC regulations for operating in the unlicensed 902-928MHz spectrum.
- We are constantly performing ongoing penetration testing on Hotspots and all other parts of the Helium Network. Results will be posted when available.
- Expected bandwidth utilized by devices is a meager 1-5kb/s, about the size of a long text message, and devices communicate with the Hotspot over LongFi, not IP (Internet Protocol).
- While very reasonable in price, using the Helium network is not free. This is inherently a deterrent for potential scammers.
- Helium wallets (included within the Helium App) use asymmetric keys to keep your private key secure.
We will be diligent in our approach to maintaining and improving all aspects of the network’s security to help ensure that you, The People who constitute The People’s Network, can continue to help define a new era of IoT.