What level of protection is offered by password protecting your access point on an ESP8266. When you call the wifi.SaftAP() function you can supply a password?
A serious case study: Imagine Alice builds an ESP8266 application and puts it in a box and sends it to Bob. It comes with no wifi credentials coded on, since Alice has no way of knowing Bob's birthday or pet's name. Bob powers it up and sets it into access point mode, which is set with password = "password" and maximum number of users = 1. So Bob jumps onto the access point and sends his wifi password and SSID to the ESP8266. While he's connected, he's the only connected user. In this instance, does the password actually add any security at all?
What are the security holes in this approach, and how would you go about plugging them up, using existing firmware libraries: maybe with public key encryption perhaps or SSL?
Comments
Post a Comment