ESP8266 Security

I will soon write a bit about what the ESP8266 is, how to use it and what I have developed on that platform. In the meantime you might want to check my standalone ESP8266 smart meter project.

In a nutshell the ESP8266 is a WiFi module which can act as AP or Station and can be flashed with own Firmware. You have a few GPIOs, an ADC, some nice onboard features and enough power and space to run it as a webserver.
The whole breakout is around 3€.. So it is a perfect device for Internet of Things (IoT) applications.

However, while I realized a project on that chip and read a lot about ongoing projects on the web there came something on my mind I want to talk about. Its ESP8266 Security.

Imagine the following scenario:
Someone posts a IoT FW (compiled binaries) with some fancy stuff, maybe a small webserver running on it to toggle GPIOs or whatever. It sends the SSID, PW and MAC (plus maybe the “title” of the IoT, something like “garage door opener”) to the attacker. The attacker is now having the WAN IP which he can use in a first approach to get the approximate location. After filtering interesting victims the attacker can use google localization (or others) to get the exact Position of the victim using the SSID and the MAC.
The attacker can now attack the network and control the device or do even lot more nasty things as he has access to the WiFi.

By having the on chip programming capability the attacker can load updated or other Firmware on the device. He can hide that in the AT+CUPDATE command so the user would even help with that.

My advice is therefore to be aware of precompiled firmware-binaries you find on the web. I personally would never use a IoT device for security applications like a dooropener etc. but if you want to, make sure you have gone through the sources and compile the firmware on your own. Instructions on how to do that are available online and I maybe will add a instruction on how to do that on my own.

I don't want to say people will do that for sure but I want to make you aware that this kind of attack is possible and you should think twice before you flash some spooky binary you found somewhere on the web.

Leave a Reply

About Thomas Barth

Thomas Barth, born 1986, is a german teaching fellow and Ph.D. student. He studied electrical engineering in Darmstadt, Frankfurt and Helsinki and worked 7 years in industry automation before he switched to embedded systems and microelectronics. To read more about him, click here.