Since I am not much of a security expert, could anyone kindly share their ideas on this topic or some resources/code examples that could help?
I have some knowledge of the board itself, how it functions and how it is programmed.
Explore... Chat... Share...
martin_g wrote:In general, an ESP8266 has about the same attack capabilities like any other WiFi-enabled device:
- it can passively sniff network traffic (best in open networks like hotspots, limited infos available as soon as the traffic is encrypted with WPA)
- it can act a MITM by pretending to be a legitimate AP/Hotspot/captive portal/web site
- it can actively send rouge messages what mainly results in some kind of DOS attack (DeAuth attack, Fake AP flooding)
What makes the ESP special is the fact, that it is so small, cheap and that it can run on batteries for quite some time. This means, it can be placed anywhere, possibly even in larger quantities. Even, if it is destroyed or unreachable after the attack, this doesn't really care the attacker.
I can think of attacks with an ESP8266 where someone hides one or more small devices somewhere at an observed place (public place, hotel, private home), where they wait for activation (possibly in deep sleep mode on batteries). When activated they may sniff the local network (or some physical sensors), may upload the observed infos via local WiFi. They even may be used to span a local rouge AP (same SSID as the original APs) an try to route some traffic over the ESP as MITM.
eduperez wrote:As "martin_g" explained, the main advantage of an ESP is the small size and low price. And other than making bigger headlines in the newspaper, I do not see how that can be of any benefit to someone doing security research.
Hi. Is there a way of checking/setting the css buf[…]
Interesting. I have used 12Fs exclusively and I h[…]
One resource that might help is the raspberry pi d[…]
mingw32-make.exe: *** [build / app.out] Error 1 […]
I have the kit https://www.amazon.com/HiLetgo-Int[…]
Hi Xury; Between 2 projects I looked for your req[…]
Any further updates on this? I purchased the Mak[…]
Nothing connected to A0 pin. Hi friend, have yo[…]
Hello I would like to send commands to esp8266 vi[…]
if they are from a local store they might as well […]
What do you think actually solved the problem : Wa[…]
Today at 10:53 pm Last Edit: Today at 10:59 pm by […]
Riky, I am also new to ESP8266 but I solved the sa[…]
Hello. What I am trying to do is load a file store[…]
schufti, thanks for verifying that it should work […]
Hello I wish to control some house lights from a […]
Can't help you with Arduino IDE since I'm not usin[…]
hello I'm interfacing esp8266 with PC via TTL to […]
Hi. Not sure but it looks like the ESP.updateSket[…]
Hi. Have you looked at Blynk. You can run a Blynk[…]