Nebra Hotspot Device Security Overview

Security considerations of the Nebra Hotspots

One question we are frequently asked is what the security considerations are when running a Nebra Hotspot on your network.

We've designed the units and taken measures to provide reasonable security where possible. This documentation goes over some of the steps we've taken to keep the units as secure as reasonably possible.

Operating system

The Nebra Hotspots run a variant of Linux called Balena OS, which is based on Yocto. Yocto is a cut-down variant of Linux designed for embedded devices. Due to its lightweight nature, only necessary packages are included, which keeps the risk of exploits to a minimum.

OTA updates

Once connected to the internet, Nebra Hotspots download updates over the air (OTA). We're planning on releasing updates on a frequent basis to ensure that the software is kept as up to date as possible.

Software Containers

The software that runs on the unit is all distributed in Docker containers. These are configured so that containers can only access certain parts of the hotspot, helping keep the different pieces of software isolated to a reasonable level where possible.

Open Source Software

All of the software that runs on the Nebra Hotspots can be found on our GitHub pages:

Repository                                          Description
https://github.com/nebraltd/helium-miner-software   Software for Nebra Helium Miners
https://github.com/NebraLtd/hm-diag                 Nebra Helium Miner Diagnostics
https://github.com/NebraLtd/hm-config               Nebra Helium Miner Config Container
https://github.com/NebraLtd/hm-pktfwd               Nebra Helium Miner Packet Forwarder
https://github.com/NebraLtd/hm-miner                Nebra Helium Miner Container
https://github.com/NebraLtd/hm-upnp                 UPNP Container for Nebra Hotspots
https://github.com/NebraLtd/hm-gwmfr                ECC Secure Element Chip Provision Tool

Ports used

Nebra Hotspots require the following ports to be port forwarded on your network:

Port Number   Description
44158         Helium Miner

The Nebra Hotspots also use the following ports; however, these do not need to be port forwarded.

Port Number   Description
53            DNS Name Resolution
123           NTP Time Synchronization
443           Connection to Update Servers.

Finally, the hotspots only have the following services running on the network:

Port Number   Description
80            Hotspot Diagnostics

Whitelisted domains

You may need to whitelist the following domains for updates to work.

Domain               Description
*.nebra.com          Nebra Server Communication
*.balena-cloud.com   Balena OTA Update Server
*.docker.com         Docker Image Servers
*.docker.io          Docker Image Servers
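
One way to check observed hotspot traffic against the ports and whitelisted domains listed above. This is an added example, not Nebra's code; the flow record layout, the direction labels and the sample flows are constructed for illustration. A finding means the flow is not covered by the tables above and deserves a look, not that it is malicious.

```python
# Added example: record layout, direction labels and sample flows are constructed.
# Ports from the tables above, keyed by direction relative to the hotspot.
ALLOWED_PORTS = {
    "inbound_wan": {44158},      # port-forwarded Helium Miner
    "inbound_lan": {80},         # Hotspot Diagnostics
    "outbound": {53, 123, 443},  # DNS, NTP, update servers
}
# Wildcard domains from the whitelist table.
ALLOWED_DOMAINS = ["*.nebra.com", "*.balena-cloud.com", "*.docker.com", "*.docker.io"]

def domain_allowed(host, patterns=ALLOWED_DOMAINS):
    """Match host against '*.suffix' patterns on whole DNS labels only."""
    host = host.rstrip(".").lower()
    for pattern in patterns:
        suffix = pattern[1:].lower()  # "*.nebra.com" -> ".nebra.com"
        # Keeping the leading dot rejects look-alikes such as "evilnebra.com".
        if host.endswith(suffix) and len(host) > len(suffix):
            return True
    return False

def audit(flow):
    """Return findings for one flow dict; an empty list means it matches the tables."""
    allowed = ALLOWED_PORTS.get(flow["direction"])
    if allowed is None:
        return ["unknown direction %r" % flow["direction"]]
    findings = []
    if flow["port"] not in allowed:
        findings.append("port %d not documented for %s" % (flow["port"], flow["direction"]))
    # The hostname check applies to outbound 443 flows that carry a name.
    host = flow.get("host")
    if flow["direction"] == "outbound" and flow["port"] == 443 and host:
        if not domain_allowed(host):
            findings.append("host %s outside whitelisted domains" % host)
    return findings

SAMPLE_FLOWS = [  # constructed
    {"direction": "outbound", "port": 443, "host": "api.balena-cloud.com"},
    {"direction": "outbound", "port": 443, "host": "nebra.com.updates.example"},
    {"direction": "inbound_wan", "port": 80},   # diagnostics reachable from the WAN
    {"direction": "inbound_wan", "port": 44158},
    {"direction": "outbound", "port": 123},
]

def audit_all(flows=SAMPLE_FLOWS):
    results = [(flow, audit(flow)) for flow in flows]
    return [r for r in results if r[1]]  # keep only flows with findings

if __name__ == "__main__":
    for flow, findings in audit_all():
        print(flow, "->", "; ".join(findings))
```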
