1. Price Tag Key Protection Mechanism
Each price tag can be configured with a 16-digit hexadecimal key.
The default key is empty, but if a key is set, only gateways knowing that key can communicate with the tag.
Without the key, a hacker cannot perform any operations on the tag (including updating prices, flashing LEDs, etc.), even with the same gateway model.
2. Key Setting and Management
Keys can be set via the OldKey and NewKey fields in ESLEntity or DSLEntity.
Once a new key is set, subsequent communications must use that key; otherwise, the tag will not respond.
It is recommended that developers change the default key immediately upon deployment and store the key securely.
3. MQTT Communication Isolation
Each eStation gateway connects to a designated MQTT server.
The default server address is 192.168.1.92:9081, but this can be modified via the configuration interface.
Even if a hacker obtains a gateway, they would need to know the server IP, port, username, and password to establish a connection.
4. APID and ESL ID Mapping
Gateways communicate via a 4-digit APID and ESL ID.
ESL IDs are typically bound to store, shelf, or location information, making it difficult for hackers to obtain valid ID lists.
Even if IDs are guessed, key authentication would still be required.
5. Network and Firewall Protection
It is recommended to deploy eStation in a private network or VPN to restrict external access.
Firewall rules can be configured to allow only specific IPs to access the MQTT port.
6. Development Recommendations
Enable TLS 1.2 encryption for communication (supports X.509 certificates).
Change keys periodically and avoid using default passwords.
Avoid exposing ESL ID lists and keys on public channels.
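The recommendations in sections 1 to 6, expressed as a check over a deployment inventory. This is an added example, not code from the eStation SDK: the inventory layout, the `audit` and `new_tag_key` names, the ESL IDs and the list of default passwords are assumptions made for the illustration.

```python
import ipaddress
import re
import secrets

KEY_RE = re.compile(r"[0-9A-Fa-f]{16}")  # a tag key is 16 hexadecimal digits


def new_tag_key() -> str:
    """Return a random 16-hex-digit key (64 bits) from the OS CSPRNG."""
    return secrets.token_hex(8).upper()


def audit(deployment: dict) -> list:
    """Return one finding per setting that goes against the recommendations."""
    findings = []
    mqtt = deployment["mqtt"]
    if not mqtt.get("tls"):
        findings.append("mqtt: TLS is disabled")
    if not mqtt.get("password") or mqtt["password"] in deployment.get("known_defaults", ()):
        findings.append("mqtt: empty or default password")
    try:
        if not ipaddress.ip_address(mqtt["host"]).is_private:
            findings.append("mqtt: server address is not in a private range")
    except ValueError:
        # Host is a DNS name, not an IP literal; it cannot be classified offline.
        findings.append("mqtt: host is a name; confirm it resolves inside the private network")
    for esl_id, key in sorted(deployment["tag_keys"].items()):
        if not key:
            findings.append(f"tag {esl_id}: key is empty (default)")
        elif not KEY_RE.fullmatch(key):
            findings.append(f"tag {esl_id}: key is not 16 hex digits")
    return findings


# Constructed sample inventory; the IDs, passwords and keys are made up.
SAMPLE = {
    "mqtt": {"host": "192.168.1.92", "port": 9081, "tls": False, "password": "admin"},
    "known_defaults": ["admin", "123456"],  # hypothetical list of default passwords
    "tag_keys": {"0001": "", "0002": "12345", "0003": new_tag_key()},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```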