ESP8266 security vulnerability! Krack attack.

[anakod]

New vulnerability was found in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream.

Espressif already published patch:
espressif/ESP8266_NONOS_SDK@b762ea2

More information\related links:

• https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
• Patch for WPA2 vulnerability (Krack Attack) arendst/Tasmota#1024
• Firmware Updates for KRACK WPA2 Vulnerability esp8266/Arduino#3725

[anakod]

@slaff Hello. I think we should publish hotfix for this issue.

[slaff]

I have something half-baked ( https://github.com/slaff/Sming/tree/update/sdk-2.1 ) BUT it means that we should switch to the latest SDK 2.1.0++ and stop supporting the other SDKs. The patch is based on that PR #1153.

@anakod If you want this fixed soon I will need your help to test it and make it rock-solid.

[anakod]

I have something half-baked

In that case, may be you will prepare P-R and we will start testing?

[slaff]

@anakod Check this PR #1264

[SvenLuebke]

Did anyone get the latest SDK from https://github.com/espressif/ESP8266_NONOS_SDK completely running? I've fixed all compiler errors and warnings, but afterwards the linker complains about:

xtensa-lx106-elf/bin/ld: out/build/app.out.tmp section .text' will not fit in region iram1_0_seg'
xtensa-lx106-elf/bin/ld: region `iram1_0_seg' overflowed by 56808 bytes

for Basic_WiFi.

EDIT: OK, updating the ld-file according to espressif/ESP8266_NONOS_SDK@b8fd588 seems to fix that issue.

[slaff]

With commit c2cc852 we have experimental support for SDK 2.1.0. Please, test and report any issues that you have noticed.