Securing external.internet access to devices

Hi all,

This is probably the wrong topic to post this but it’s the best I could find.

I see that the moment I flash and turn my devices on with the Blynk code, it’s available online. You go to the blynk IP along with the auth token and you have access via URL and REST. No other authentication kind of thing needed.

I’m no security expert, but this feels a bit risky to me. What if someone gets hold of the auth tokens, brute force hacks random auth tokens against the blynk IP etc.? They’d be able to wreak havoc on devices totally randomly or specifically targeting a person/device.

Is there something I’m missing? Is this service more secure than I understand? Is there anything in place to let me better secure sensitive devices?

Thanks,
Cheese

Your device’s AUTH is your key to protect… you wouldn’t leave your keys around in public would you?

You can also look at using the SSL libraries instead of the basic TCP, but it does tend to need more horsepower than what an ESP8266 can provide, so connectivity is less reliable. Typically an ESP32 or getting into the RPi realm is where SSL is better suited.

And finally… while it is not well published, this is the “free/cheap” side of Blynk… more meant for development and DIY home use (and from my observations over the years, probably benefits from us users as beta testers for their commercial prospects :stuck_out_tongue_winking_eye: ).

The commercial side will most likely have better overall security if that is your concern for a product that really matters for something. https://blynk.io/

2 Likes

You could also set-up a local Blynk server, which means that you have more control over access. If you’re happy to only have control over your Blynk devices from a mobile device that’s connected to your network then you could even create a totally standalone system that’s not connected to the internet at all.

Pete.

2 Likes