Security Considerations in Motor Control Firmware – Am I Overthinking It?

Hey everyone,

I have been experimenting with SimpleFOC for a custom BLDC motor setup & something is been on my mind. While most of my focus has been on control loops and tuning, I started wondering about the security side of things such as, what happens if I need to allow remote commands in the future??

I get that embedded motor drivers do not usually need hardcore security but what if someone wanted to mess with the firmware or spoof commands? I took a quick look at a CISSP Course just out of curiosity & it got me thinking about how little we talk about secure communication, even in low-power devices.

Am I overthinking this for a hobby-grade project or is it something worth planning for even in early development? I want to know if any of you have added basic access control or encryption to your setups or if you think it is unnecessary overhead. Also i have check this Can this firmware be used to control an ebike motor? witch is good.

Thank you…:slight_smile:

Hey @Sakuray

Honestly, for a hobby project it’s probably overkill to worry too much about security — unless you’re just curious to learn how it’s done in real-world products. If that’s the case, it’s actually a great excuse to explore stuff like ISO 27001 (for info security) or even ISO 26262 (for Functional Safety) if you’re diving into safety-critical systems like in automotive.

But for home tinkering? Keep it simple unless you’re planning to expose it remotely and want to play around with secure comms or access control.

It’s a great question. I agree with @JorgeMaker .

In fact, I think most of our users are working on personal projects and prototypes, and very much focused on the functionality, with little or no regard to safety.
In some cases the systems are quite small, with correspondingly small safety problems, but some of our users also work with more powerful systems.

To be honest, before attacking the topic of IT safety and resilience, I think many setups should first ensure mechanical and electrical safety (to prevent injury of operators and onlookers) and fire safety.

Securing the system against IT threats and external manipulation would be the next step, but that’s a large and complex topic, and probably only worth it when your project becomes more mature and evolves into some kind of commercialization or public exposure.