Only the connection for the configuration of the sensor runs over an open hotspot of the sensor. This hotspot is only opened by the sensor if no connection to a WLAN is possible.
After configuration, the sensor connects to the WLAN via WPA2. During normal operation, all connections are therefore made via an encrypted Wi-Fi connection.
Normally, no ports need to be opened. The notes only refer to specific routers. For example, the Fritzbox blocks access to NTP time-servers for devices connected to the guest Wi-Fi. But this must be possible for our sensor, so that we can check the certificates of the HTTPS connections in case of updates.
Basically, the connections are always made from the sensor to the internet, like any computer in the (home) network. Where necessary, we use HTTPS. Data is sent every 2 1/2 minutes, the time-servers are queried once an hour, once a day we check for firmware updates. We have tried everything to exclude possible access by hackers. But even we cannot give a 100% guarantee. So far, we don’t know of any case that someone has managed to gain access to a foreign WLAN via our sensor.