Security for Internet-based connections to/from client & server

Ok, so I’m thinking of creating some ‘open ports’ on my home firewall for the connection to wfview (GUI running the server).

  1. What kind of security can I expect from wfview?
  2. Are the ‘user’ and ‘password’ sent as clear text?
  3. Can the Audio and Control traffic be intercepted by a third-party? (Ex. ‘man-in-the-middle attack’ so to speak)
  4. What steps could be done to lock it down for now? (ex, build a ssh tunnel. stuff like that)
  5. What are the wfview developers planning for future security improvements?

thanks!

Hi Dan.

Everything is at your own risk! The security is the same as Icom provide for their network radios, which means there is no prospect of us improving it without breaking compatibility. So if security is a concern, I would recommend using some sort of tunnel.

We DO NOT recommend directly exposing wfview server ports to the Internet, as the simple method of username/password obfuscation used by the Icom protocol is not particularly secure.

73 Phil

  • What kind of security can I expect from wfview?

It’s open source; start reading, analyzing, use the code checking tools to see if there are issues.

  • Are the ‘user’ and ‘password’ sent as clear text?

They are not, by the way, but as @phil states: it’s easy to decrypt.
And not only that, as wfview is open source… you can see how it works too.

  • Can the Audio and Control traffic be intercepted by a third-party? (Ex. ‘man-in-the-middle attack’ so to speak)

Like what @phil says. Also, think of the question you ask yourself. How is your connection to the internet? Can your neighbor tap into your traffic?
Do you know if someone between you and the internet has the possibility to use a span-port to look at all your traffic? Other places too?

  • What steps could be done to lock it down for now? (ex, build a ssh tunnel. stuff like that)

wfview, rsba1 uses three UDP ports. What firewall do you have to secure the ports?

  • What are the wfview developers planning for future security improvements?

Basically nothing we can do. It would break the ICOM protocol.

I see these questions a lot on other subjects and CVEs and such. My personal rating does not apply here but that probably says a lot.

Also, what you might consider is hiring a few pentesters and letting us know the results. (Yes, I am serious.)

Use a VPN; clearly you don’t want to run this naked over the Internet.

So, assuming I have ssh-server running on the same laptop as wfview (server mode),
and that I have a successful connection from off-site to the local PC (an ssh session works),

then a command like

ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION:DESTINATION_PORT [USER@]SSH_SERVER

should work to make a single ‘local port forward’.

Or more precisely:

ssh -L 50001:localhost:50001 dank@my_ssh_server

But then repeat for the two other ports required, 0002 and 0003, or just put them all in one ssh command.

Yes?

Pretty sure that ssh can only forward TCP packets, you will need to use a ‘proper’ VPN.

ssh only does tcp yes, udp cannot be done that way.

Having said that – what are you afraid of? As said before, I have seen lots and lots of questions about security, including “YOU HAVE TO FIX THAT” things, where the analysis is totally different.

So, let’s assume you have three UDP ports open. Unprivileged ports. Now tell me what the concern is anyways? I - to say mildly - don’t understand.

Also, most homegrown firewalls won’t be able to do much for UDP anyways.

I just turn my port forwarding off when I’m not using it. Simple. If a hacker wants to spy on or mess with my ham radio traffic… Well, then I’d just turn it off :-p.

Anyway, I am locking this thread. You can look online for a VPN or tunnel solution that carries UDP and go from there. It’s outside the scope of wfview, and I also think it’s a bit over-the-top for ham radio operations and the relative obscurity thereof, to both the protocol and the activity.
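
As an added illustration of the "VPN or tunnel solution that carries UDP" the replies point to (not part of the original thread and not wfview project configuration), here is a minimal WireGuard setup for the home machine and the remote laptop. WireGuard itself, the 10.77.0.0/24 addresses, UDP port 51820 and the angle-bracket placeholders are assumptions chosen for the example.

```ini
# ---- wg0.conf on the home machine running wfview in server mode ----
[Interface]
# Tunnel address of the wfview host (constructed example subnet)
Address = 10.77.0.1/24
# The only UDP port the home router needs to forward (assumed value)
ListenPort = 51820
# Placeholder: private key generated on this machine, never shared
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
# The remote laptop; only its tunnel address is accepted from this key
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.77.0.2/32

# ---- wg0.conf on the remote laptop running the wfview client ----
[Interface]
Address = 10.77.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <HOME_PUBLIC_KEY>
# Placeholder: public address or dynamic DNS name of the home router
Endpoint = <HOME_PUBLIC_IP_OR_DDNS>:51820
# Send only traffic for the wfview host through the tunnel
AllowedIPs = 10.77.0.1/32
# Keeps the NAT mapping open while the laptop sits behind another router
PersistentKeepalive = 25
```

With the tunnel up, the wfview client is pointed at 10.77.0.1 and the router forwards only UDP 51820, so the three wfview UDP ports are never exposed to the Internet and the control, audio and login traffic travels inside the encrypted tunnel.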