Since I am not much of a security expert, could anyone kindly share their ideas on this topic or some resources/code examples that could help?
I have some knowledge of the board itself, how it functions and how it is programmed.
Explore... Chat... Share...
martin_g wrote:In general, an ESP8266 has about the same attack capabilities like any other WiFi-enabled device:
- it can passively sniff network traffic (best in open networks like hotspots, limited infos available as soon as the traffic is encrypted with WPA)
- it can act a MITM by pretending to be a legitimate AP/Hotspot/captive portal/web site
- it can actively send rouge messages what mainly results in some kind of DOS attack (DeAuth attack, Fake AP flooding)
What makes the ESP special is the fact, that it is so small, cheap and that it can run on batteries for quite some time. This means, it can be placed anywhere, possibly even in larger quantities. Even, if it is destroyed or unreachable after the attack, this doesn't really care the attacker.
I can think of attacks with an ESP8266 where someone hides one or more small devices somewhere at an observed place (public place, hotel, private home), where they wait for activation (possibly in deep sleep mode on batteries). When activated they may sniff the local network (or some physical sensors), may upload the observed infos via local WiFi. They even may be used to span a local rouge AP (same SSID as the original APs) an try to route some traffic over the ESP as MITM.
eduperez wrote:As "martin_g" explained, the main advantage of an ESP is the small size and low price. And other than making bigger headlines in the newspaper, I do not see how that can be of any benefit to someone doing security research.
In the function that receives the code to turn the[…]
If you have control of at least one of the local n[…]
unfortunately it is not that easy ... but read mo[…]
Hi, SPIFFS is something like a "built in HD&q[…]
That's great to hear. You're welcome. If the ESP […]
You password is too short. It must be min eight ch[…]
For security reasons I would like to disable ota u[…]
Whether or not a device responds to ping shouldn’t[…]
Oh is it because this is ESP32 and not ESP8266?
Is this not the correct Forum or group?
Dear All, I am new to ESP8266, the last micro-con[…]
Is there any list of ESP8266 turn-key firmwares? W[…]
No and no if you are looking for an easy to use US[…]
there has been a project which was discussed here […]
This is why I suggested reading about ssl/tls. Eve[…]
Did you see that the code you are using was updat[…]
Simply take that example and rip off the serial po[…]
ESP8266WifiMulti tries to access a series of ssids[…]
The maximum running program size is 1MB The diffe[…]
Hi, If you are working on Atmega328 then you shou[…]