[kerouanton]

Nice project, but why are all hardware guys designing projects without ANY security?

Page 14, the guide explains the connection to the modem is possible with Telnet with no password...

That's a common issue in IoT and embedded systems, it seems, so I'm wondering if there is a reason why hardware developers just fail at security ?

[F4HDK]

I'm F4HDK, the creator of these NPR modem. The unprotected telnet access is only for local management, especially when you connect only 1 PC to one NPR Client modem. If you need security for accessing configuration/management features of the modem, then you can deactivate the telnet server inside the modem, and put a R-Pi dedicated for that feature, which will be plugged locally to the modem via USB. Then you access the R-Pi via SSH. This is explained in the "advanced user guide". But of course trafic will be kept unecrypted, due to amateur-radio regulations. (telnet is only for management-configuration).

[microcolonel]

This protocol is designed for HAM, and for the most part you can not make encrypted transmissions over amateur radio.

[kerouanton]

Maybe (I'm also a HAM licensee) but making a device available on a IP network without any authentication and weak protocols such as telnet doesn't justify this.

[microcolonel]

I don't think there would be any issue with signing your datagrams, you just can't obscure the content of the communication or its purpose.

So yea on authenticity and access control, nay on transmitting ciphertext.

[bjt2n3904]

To chime in, the hardware build looks like a microcontroller connected to an SPI based ethernet chip. SSH is likely not an option here.