Hi,
With the Krack attack that have been published today regarding WPA2 weakness, what are the plan to mitigate risk in ESP Easy implementation ?
The issue have already been trigered to esp8266 arduino Github: https://github.com/esp8266/Arduino/issues/3725
IOT devices should not be a weak part regarding security :/
more info here: https://www.krackattacks.com/
WPA2 weakness discovered (KRACK)
Moderators: grovkillen, Stuntteam, TD-er
Re: WPA2 weakness discovered (KRACK)
+1
but also there are a few other things I would like to see implemented too
1) Masking of the WPA2 password
2) Use of HTTPs rather than HTTP (though I'm not sure if this is possible)
re: KRACK the only thing I can think of to reduce the chances of this exploit happening, is to disable SSID broadcast on the WiFi appliance. If an attacker cant see what SSIDs are around him/her they wont have anything to target. Something i'll be testing with my ESP based devices in the coming days.
but also there are a few other things I would like to see implemented too
1) Masking of the WPA2 password
2) Use of HTTPs rather than HTTP (though I'm not sure if this is possible)
re: KRACK the only thing I can think of to reduce the chances of this exploit happening, is to disable SSID broadcast on the WiFi appliance. If an attacker cant see what SSIDs are around him/her they wont have anything to target. Something i'll be testing with my ESP based devices in the coming days.
Re: WPA2 weakness discovered (KRACK)
My thoughts yesterday,
Create 2 wifi networks, one for ESP one for other devices (phone, laptop) with restrictions.
Disable SSID broadcast for the ESPeasy network.
Create 2 wifi networks, one for ESP one for other devices (phone, laptop) with restrictions.
Disable SSID broadcast for the ESPeasy network.
Located in Belgium, Bruges. Working on a full DIY domoticz setup with ESPEasy.
Re: WPA2 weakness discovered (KRACK)
Espressif has released security patches for their own ESP-SDK's RTOS and NONOS:
https://www.kb.cert.org/vuls/id/CHEU-ARFFHX
So hopefully we will see some updated ESP8266-Core for Arduino and same for PlatformIO soon........
Regards
Shardan
https://www.kb.cert.org/vuls/id/CHEU-ARFFHX
So hopefully we will see some updated ESP8266-Core for Arduino and same for PlatformIO soon........
Regards
Shardan
Regards
Shardan
Shardan
Re: WPA2 weakness discovered (KRACK)
Apparently the Espressif correction is already included in the 2.4 rc2 version of ESP8266 arduiono SDK, which is good news: https://github.com/esp8266/Arduino/comm ... edff08755c
But what are the plan for ESP Easy to integrate it ?
I'm not so sure that hiding the SSID will protect against KRACK, since KRACK attack do not target AP but it's dialog between host and AP that should be listened and removing SSID broadcast would not prevent that.
in addition to https when ESP is in AP mode (but this is not related to KRACK) I would really like to see TLS implementation for MQTT connection.
(Yes I have separate SSID on specific VLAN and a strict firewall for my IOT devices, but it's a limited mitigation.)
But what are the plan for ESP Easy to integrate it ?
I'm not so sure that hiding the SSID will protect against KRACK, since KRACK attack do not target AP but it's dialog between host and AP that should be listened and removing SSID broadcast would not prevent that.
in addition to https when ESP is in AP mode (but this is not related to KRACK) I would really like to see TLS implementation for MQTT connection.
(Yes I have separate SSID on specific VLAN and a strict firewall for my IOT devices, but it's a limited mitigation.)
Who is online
Users browsing this forum: No registered users and 12 guests