ESP32 Forum

ESP32 Official Forum
http://forum.esp32.com/

firmware upgrade encryption using mupgrade

http://forum.esp32.com/viewtopic.php?f=21&t=13188

Page 1 of 1

firmware upgrade encryption using mupgrade

Posted: Mon Nov 18, 2019 7:06 pm
by Mr_Red
In ESP-IDF, the the default process for updating firmware rely on TLS to encrypt and hide the firmware update from users (or attackers).

When using the mupgrade component, there does not seem to be any encryption other than the WPA password set for the mesh network. A user could then capture the update binary if knowing the AP password.

Am I correct or did I miss something?

Re: firmware upgrade encryption using mupgrade

Posted: Thu Dec 05, 2019 4:18 am
by ESP_Bond
The current version has this problem, and we will add encrypted APIs in later versions.

Re: firmware upgrade encryption using mupgrade

Posted: Thu Dec 05, 2019 1:17 pm
by Mr_Red
@it_zzc, thank you for the confirmation.
Please also consider providing a way to encrypt all communications, as I realized that this is also an issue with application messages.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/