Expressif IoT platforms made safe from KRACK

Expressif IoT platforms made safe from KRACK

The recent KRACK exploit has led to fears that this will allow further exploitation of IoT platforms, many of which use WiFi for their internet connection.

One of the most successful recent IoT platforms is the Espressif ESP8266 chip. It is very cheap which doesn’t require a lot of support circuitry, and provides a robust CPU platform at 80Mhz. Many devices use it to become WiFi-connected IoT appliances. Espressif’s updated chipset, the ESP32, is also gaining traction, providing both WiFi and Bluetooth capabilities as well as more GPIO pins.

Quite often chipset manufacturers have been slow to release fixes for security vulnerabilities. It is good to see Espressif release patches for Wifi vulnerabilities like KRACK, especially on the same day as the public announcement of the vulnerability.

These updated libraries are available for the Espressif environments, for Arduino using libraries 2.4.0-rc2, Platform.io using their staging environment. Updating to these libraries, and recompiling your project will make it safe from KRACK at the IoT end. Now hopefully you have an Over-The-Air (OTA) update system to distribute this to the thousands of end-points you have deployed.

30 October 2017: Arduino IDE users can follow the instructions from the ‘Guy with Swiss accent’ using the YouTube video below.

John Dixon

John Dixon is the Principal Consultant of thirteen-ten nanometre networks Ltd, based in Wiltshire, United Kingdom. He has a wide range of experience, (including, but not limited to) operating, designing and optimizing systems and networks for customers from global to domestic in scale. He has worked with many international brands to implement both data centres and wide-area networks across a range of industries. He is currently supporting a major SD-WAN vendor on the implementation of an environment supporting a major global fast-food chain.

Comments are closed.