Console logs are sent in the clear over PubNub on HTTP port 80. We consider this quite a serious security issue.
Already mentioned this on Gitter chat but replicating here to make sure that we can get notified when this is being taken care of / solved.
Thank you for the report.
@petrosagg and @afitzek could you update this when progress is made? Thank you
Hi @che,
We have verified the issue on our end and we’re working on fixing the issue. Thanks a lot for pointing this out, it is an embarrassing security issue that was a combination of bad defaults and negligence from our side.
We’re releasing a new version of resinOS asap with a fix. Also, we’ve patched the library upstream for the benefit of any other pubnub user https://github.com/pubnub/javascript/pull/89 and we’re also working on an action plan to fix existing devices in the field.