firmware upgrade encryption using mupgrade

Mr_Red
Posts: 21
Joined: Mon Sep 11, 2017 12:41 pm

firmware upgrade encryption using mupgrade

Postby Mr_Red » Mon Nov 18, 2019 7:06 pm

In ESP-IDF, the the default process for updating firmware rely on TLS to encrypt and hide the firmware update from users (or attackers).

When using the mupgrade component, there does not seem to be any encryption other than the WPA password set for the mesh network. A user could then capture the update binary if knowing the AP password.

Am I correct or did I miss something?

it_zzc
Posts: 46
Joined: Mon Apr 15, 2019 1:37 pm

Re: firmware upgrade encryption using mupgrade

Postby it_zzc » Thu Dec 05, 2019 4:18 am

The current version has this problem, and we will add encrypted APIs in later versions.

Mr_Red
Posts: 21
Joined: Mon Sep 11, 2017 12:41 pm

Re: firmware upgrade encryption using mupgrade

Postby Mr_Red » Thu Dec 05, 2019 1:17 pm

@it_zzc, thank you for the confirmation.
Please also consider providing a way to encrypt all communications, as I realized that this is also an issue with application messages.

Who is online

Users browsing this forum: No registered users and 1 guest