ESP32 Forum

Heads up, folks!

https://www.krackattacks.com/

Basically, there's a design flaw in the standard for WPA2 that allows for a key re-installation attack on WPA2. All key exchange types are vulnerable. AES-CCMP is semi-resilliant to the attack, as is Enterprise. TKIP and GCMP are very, very vulnerable. It allows someone to inject themselves as a MITM between the client and the AP with minimal ability to detect that the attack has occurred.

Patches are out or about to be out for implementations of the supplicant part of the stack. You will need to update things when Espressif updates the driver stack for the ESP32 and their other WiFi devices.

Looks like Espressif had prior disclosure and have already pushed fixes to the master branch of the IDF.
They will also soon be releasing v2.1.1 with the fix and it will be in the upcoming v3.0 release.

https://esp32.com/viewtopic.php?f=13&t= ... 687#p15687

Lucas.Hutchinson wrote:Looks like Espressif had prior disclosure and have already pushed fixes to the master branch of the IDF.
They will also soon be releasing v2.1.1 with the fix and it will be in the upcoming v3.0 release.

https://esp32.com/viewtopic.php?f=13&t= ... 687#p15687

Epic. I suspected they'd be on top of this. Thing is, folks, **WE** need to be as on-top of this. If you've got product out there using WiFi...you need to get ready to push an update when 2.1.1 or 3.0 comes out. Seriously.