This solution cannot be easily (or at all?) secured from bad actors accessing the system over the public internet.
This is a problem with all IoT applications. They should never be open to the public. They should only be
clients, accessing a private server, from behind NAT. That server, in turn, may be public facing.
LWIP was (probably still is) full of security holes.
See above. However, I have not found a list of these. I am assuming it will indeed be full of holes (actually I would expect any embedded system to be full of holes like buffer overflow issues in the low-level ETH area, but this should not matter). Can you find a list? LWIP is about 15 years old, so the most obvious stuff should have been done. It seems to be running utterly reliably.
Secondly, TLS can be quite slow on an MCU.
That's true, but probably not bad enough. I have a 168 MHz 32F417 running MbedTLS, accessing two websites over HTTPS. One has a certificate chain of 3 and the other of 4. The TLS time is 2 and 5 secs respectively, including the server time. That is the setup. Then there is the session crypto, which is usually negotiated to AES256 (which I have in hardware, but even the software version in MbedTLS does 800 kbytes/sec) or ChaCha-Poly (in software, also very fast). The session speeds are vastly greater than any realistic application will be needing (or getting) over the internet. It also seems reliable, in the private-server, single-certificate scenario at least.
There are many crappy insecure hacked IoT devices making up botnets out there already.
Can you give examples?
How can an IoT box be a bot if there is no operating system? The "OS" in my case is FreeRTOS, but good luck installing another task remotely by flashing the CPU.
Anyway, just because some people buy an IP webcam and install it with port 80 open with the default password, so Google can find it and then any hacker can see your house, doesn't mean that a proper installation (client only, etc., as above) will do that.
Most telemetry type applications are just clients uploading to a private server, and they are behind NAT. Anything on 4G, unless specially set up, will be behind NAT, and the channel closes after ~ 3 minutes.
I think a lot of 4G modems are Linux-based. I have used the RUT240 and similar, and all have UIs so unbelievably slow that they must be Linux-based.
These come with management systems that let you patch the system to keep the devices secure.
OTA updates are a huge admin task which I would always avoid. They have the potential to kill your company if you brick a load of devices which then need a site visit. Same with anything doing TLS to some server which you don't control; you need a means of updating the root certificate chain (a ~200k file). Using a Linux board means you have a relatively secure solution for running a public server (which itself is dumb with IoT), but a month down the road you face these same challenges.
It is interesting that 4G would be done over PPP. It looks like it might even coexist with ETH, which is interfaced to LWIP differently.
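As an added illustration of two points made above (the handshake cost growing with the certificate chain, and the need to keep the root certificate on the device current), here is a stand-alone Go program that is not code from the post; Go's crypto/tls stands in for MbedTLS on the 32F417. It builds its own throwaway chain of 3 or 4 P-256 certificates, runs a TLS 1.3 handshake over loopback TCP with the server sending only the leaf and intermediates (as real sites do), and reports how many certificates the client verified, the negotiated cipher suite and the client-side handshake time. The hostname telemetry.example and the CA names are assumptions. Calling it with trustRoot false models a device whose trust store lacks the root: the handshake fails before any data flows.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ServerName is the hostname the constructed leaf certificate is issued for (an assumption).
const ServerName = "telemetry.example"

// buildChain creates root -> (depth-2) intermediates -> leaf: depth (>= 2) throwaway
// P-256 certificates, returned root first, together with the keys that own them.
func buildChain(depth int) ([]*x509.Certificate, []*ecdsa.PrivateKey, error) {
	var certs []*x509.Certificate
	var keys []*ecdsa.PrivateKey
	for i := 0; i < depth; i++ {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		tmpl := &x509.Certificate{
			SerialNumber:          big.NewInt(int64(i + 1)),
			Subject:               pkix.Name{CommonName: fmt.Sprintf("ca-%d.example", i)},
			NotBefore:             time.Now().Add(-time.Hour),
			NotAfter:              time.Now().Add(24 * time.Hour),
			IsCA:                  i < depth-1,
			BasicConstraintsValid: true,
			KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		}
		if !tmpl.IsCA { // leaf: server auth only, and Go matches the SAN, not the CN
			tmpl.Subject.CommonName, tmpl.DNSNames = ServerName, []string{ServerName}
			tmpl.KeyUsage = x509.KeyUsageDigitalSignature
			tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		}
		parent, signer := tmpl, key // self-signed root
		if i > 0 {
			parent, signer = certs[i-1], keys[i-1]
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
		if err != nil {
			return nil, nil, err
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, nil, err
		}
		certs, keys = append(certs, cert), append(keys, key)
	}
	return certs, keys, nil
}

// Handshake runs a TLS 1.3 handshake over loopback TCP: the server sends leaf plus intermediates
// (never the root) and the client trusts only the root, or nothing at all when trustRoot is false.
func Handshake(depth int, trustRoot bool) (int, string, time.Duration, error) {
	certs, keys, err := buildChain(depth)
	if err != nil {
		return 0, "", 0, err
	}
	serverCert := tls.Certificate{PrivateKey: keys[depth-1]}
	for i := depth - 1; i > 0; i-- {
		serverCert.Certificate = append(serverCert.Certificate, certs[i].Raw)
	}
	roots := x509.NewCertPool() // stays empty for a device whose trust store lacks this root
	if trustRoot {
		roots.AddCert(certs[0])
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, "", 0, err
	}
	defer ln.Close()
	go func() { // server side; its failures reach the client as an alert or EOF
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS13}).Handshake()
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return 0, "", 0, err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: ServerName, MinVersion: tls.VersionTLS13})
	start := time.Now()
	if err := cli.Handshake(); err != nil { // e.g. "x509: certificate signed by unknown authority"
		return 0, "", 0, err
	}
	st := cli.ConnectionState()
	return len(st.VerifiedChains[0]), tls.CipherSuiteName(st.CipherSuite), time.Since(start), nil
}
```

Call Handshake(3, true) and Handshake(4, true) to compare a 3-deep and a 4-deep chain, and Handshake(3, false) to see the unknown-authority failure. The verified count equals the chain depth because the client walks every signature up to its stored root, which is the work the MCU is doing during those 2 to 5 seconds (on a PC it is milliseconds, but one more certificate is one more signature check either way). The cipher suite Go negotiates depends on the CPU: it prefers AES-GCM when AES instructions are present and ChaCha20-Poly1305 otherwise, the same hardware-versus-software trade-off noted above.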