ESP32/ESP8266 Wi-Fi Attacks
This repository (https://github.com/Matheus-Garbelini/esp32_esp8266_attacks) demonstrates three Wi-Fi attacks against the popular ESP32/ESP8266 IoT devices:
- Zero PMK Installation (CVE-2019-12587) – Hijacking ESP32/ESP8266 clients connected to enterprise networks;
- ESP32/ESP8266 EAP client crash (CVE-2019-12586) – Crashing ESP devices connected to enterprise networks;
- ESP8266 Beacon Frame Crash (CVE-2019-12588) – Crashing ESP8266 Wi-Fi devices.
Follow the links on each vulnerability for more details and Espressif’s patches.
These vulnerabilities were found in the ESP32 and ESP8266 SDKs; at the time of discovery their versions were ESP-IDF v4.0-dev-459-g7a31cb7 and NONOS-SDK v3.0-103-g7a31cb7 respectively.
While a custom version of hostapd is provided to test the first two vulnerabilities, for the last one an ESP8266 is used to inject fake 802.11 beacon frames in order to crash others of its own kind (no pun intended!).