ESPEasy SPIFFS(?) Security Issue
Posted: 25 Jun 2017, 21:43
Last week I was testing some ESP-01 devices with ESPEasy 2.x and ran into the following problem (which is probably more a general issue than specifically related to version 2.x):
I first flashed ESPEasy 2.x (guess it was Dev-7) with the binary firmware uploader and then configured the node including Wifi SSID for my WLAN.
I later upgraded the firmware to Dev-8 (?), again with the firmware uploader tool (so not using the Tools/Load option on the node itself).
I expected that I would have to go through the basic config again: connecting to SSID ESP_01 and having to configure Wifi again but I did not have to, it used the already existing configuration. At first I did not notice this and thought that a problem had occurred during flashing instead.
I then did some tests by uploading the 'BareMinimum' and 'Blink' sketches to the ESP-01 from the Arduino IDE. I tried both memory sizes 1M (SPIFFS 64k) and (SPIFFS 512k). They worked so my ESP-01 was still functioning properly.
I then installed ESPEasy Dev-8 (?) again, expecting that by flashing the sketches from within the Arduino IDE I would now have a 'blank, clean' ESP-01 again. So I was waiting for the Wifi SSID ESP_01 to appear but it did not. It looked just like the previous attempt, as if something went wrong during flashing. But when checking the device list on my router I saw that the 'old' node was up again, exactly like I had configured it the first time I flashed ESPEasy onto it.
I was flabbergasted. I expected that I had wiped the old configuration data by writing the BareMinimum and Blink sketches from within the Arduino IDE. However after reflashing ESPEasy onto it, it appeared to have retained the old configuration data - including the Wifi password for my WLAN.
This appears to be a serious security hole/feature/issue.
- Can someone explain why the original configuration data was retained instead of being cleared/overwritten?
- How should one properly and securely wipe an ESP8266's flash memory so the configuration data cannot be reused by just flashing ESPEasy firmware onto it?
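
An added example, not part of the original post and not ESPEasy code: a model of the behaviour described above, in which writing an image rewrites only the flash sectors that image covers, plus a check that lists sectors of a flash dump still holding data. The 1 MiB chip contents, the settings offset `0xF0000` and the sample credentials are constructed for illustration; the only hardware facts assumed are the 4 KiB erase sector and that erased flash reads back as 0xFF.

```python
SECTOR = 4096   # ESP8266 SPI flash erase-sector size
ERASED = 0xFF   # erased NOR flash reads back as 0xFF

def write_image(flash: bytearray, image: bytes, offset: int = 0) -> None:
    """Model a flasher: erase and rewrite only the sectors the image covers."""
    if offset % SECTOR or offset + len(image) > len(flash):
        raise ValueError("image must be sector-aligned and fit in flash")
    end = min(len(flash), offset + -(-len(image) // SECTOR) * SECTOR)
    flash[offset:end] = bytes([ERASED]) * (end - offset)
    flash[offset:offset + len(image)] = image

def erase_all(flash: bytearray) -> None:
    """Model a full-chip erase: every sector returns to 0xFF."""
    flash[:] = bytes([ERASED]) * len(flash)

def dirty_sectors(dump: bytes, start: int = 0) -> list:
    """Offsets of whole sectors at or after `start` that still hold data."""
    first = -(-start // SECTOR) * SECTOR
    return [off for off in range(first, len(dump), SECTOR)
            if dump[off:off + SECTOR].strip(b"\xff")]

def demo() -> dict:
    flash = bytearray([ERASED]) * (1024 * 1024)      # constructed 1 MiB chip
    config_at = 0xF0000   # hypothetical settings sector, not ESPEasy's layout
    config = b"ssid=HomeNet;psk=example"             # constructed sample data
    write_image(flash, b"\xe9" + b"FW-A" * 100_000)  # constructed firmware
    flash[config_at:config_at + len(config)] = config
    sketch = b"\xe9" + b"blink" * 20_000             # constructed small sketch
    write_image(flash, sketch)                       # "reflash" with a sketch
    after_reflash = dirty_sectors(flash, start=len(sketch))
    survived = config in flash
    erase_all(flash)
    return {"config_survived": survived,
            "dirty_after_reflash": after_reflash,
            "dirty_after_erase": dirty_sectors(flash)}

if __name__ == "__main__":
    result = demo()
    print("config survived reflash:", result["config_survived"])
    print("sectors still holding data:", len(result["dirty_after_reflash"]))
    print("sectors holding data after full erase:", result["dirty_after_erase"])
```

To run `dirty_sectors` on a real 1 MiB device, read a dump with `esptool.py read_flash 0 0x100000 dump.bin`; after `esptool.py erase_flash` it should return an empty list.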