Hello,
I would like to know is ESP8266 (and derivated devices) is concerned by FragAttacks (https://www.fragattacks.com/) vulnerability? If so, is there any work in progress on these topics?
Thank you
Benjamin
FragAttacks
Re: FragAttacks
Yes, thank you, I just see that issue.
Re: FragAttacks
Hi Brenard,
There is an Advisories section on our website here: https://www.espressif.com/en/support/do ... advisories . We will post an advisory there once we've finished analysis and patching and also update here.
The vulnerability pertains to design flaw in the specification and therefore ubiquitous. It involves toggling an unauthenticated flag in otherwise authenticated and encrypted packet for the purpose of changing parsing sequence to favor the attacker. The attacker also needs to be in physical proximity of the device under attack for the purpose of spoofing (man-in-the-middle). We believe this vulnerability is difficult to exploit, however, we will be making corresponding patches and an advisory available soon.
There is an Advisories section on our website here: https://www.espressif.com/en/support/do ... advisories . We will post an advisory there once we've finished analysis and patching and also update here.
The vulnerability pertains to design flaw in the specification and therefore ubiquitous. It involves toggling an unauthenticated flag in otherwise authenticated and encrypted packet for the purpose of changing parsing sequence to favor the attacker. The attacker also needs to be in physical proximity of the device under attack for the purpose of spoofing (man-in-the-middle). We believe this vulnerability is difficult to exploit, however, we will be making corresponding patches and an advisory available soon.
Who is online
Users browsing this forum: No registered users and 99 guests