Password Encryption - AT Command (AT+CWJAP)

[elec_hobbyist]

I am working on a project that includes an STM32 microcontroller, an ESP32 module, and other components. The application code scans for available Wi-Fi networks and prompts for the SSID and password to connect to a network. The password is collected and then sent to the ESP32 module via AT commands to initiate the connection. The issue is that the Wi-Fi credentials are not secure. If someone probes the UART pins, the data over UART will be transparent, allowing anyone to extract the password.

To solve this problem, I have tried multiple approaches. I have successfully built the ESP-AT firmware (https://github.com/espressif/esp-at) and flashed it onto the module. My approach was to locate the password string or the AT+CWJAP command within the code so I could modify these strings for testing if the password can be encrypted. However, I was unable to find any AT commands in the code, as they seem to be part of the ESP-AT core, which is not accessible to users. It appears some of the information may be transmitted over-the-air.

Alternate approaches I have tried include:

Intercepting the AT commands over UART and accessing the buffers that hold Wi-Fi credentials, which I was unable to locate.
Using custom AT commands to override the AT+CWJAP command, allowing me to access and encrypt the command parameters before sending them to the module, and decrypt them at the other end. I was unsuccessful in passing a custom command.
If a solution to this problem has been found or if there are any suggestions on the approaches I have tried, I would greatly appreciate any advice. Thank you.

Kind regards,

[esp-at]

Thank you for your feedback. We already have plans to implement this feature by an external example, as it's crucial for product security. The addition of this feature to AT is expected in 2024.Q3.