The age of Internet of Things (IoT) devices is upon us, connecting everyday devices to the internet for unparalleled efficiency and convenience. ESPTouch is one such connection protocol designed for IoT devices, enabling seamless device and network configuration via an easy-to-use smartphone application.

However, as with any rapidly evolving technology, vulnerabilities and security issues may arise. This post aims to detail a recent vulnerability discovered in the ESPTouchV2 protocol, as well as offer an overview of the issue and accompanying code snippets.

CVE-2024-53845 Overview

In the ESPTouchV2 protocol, the usage of custom AES (Advanced Encryption Standard) keys was available to users to enhance security. However, this encryption method requires an Initialization Vector (IV) to be set, which was not supported in earlier versions of the protocol (specifically, versions prior to 5.3.2, 5.2.4, 5.1.6, and 5..8).

As a result, the IV remained constant at zero throughout the product's lifetime, causing the AES/CBC (Cipher Block Chaining) mode's encrypted output to become deterministic. This, in turn, increased the likelihood of data leakage and additional vulnerabilities. Here's an example of the constant IV in a code snippet:

# Initial IV is set to zero
iv = b'\x00' * 16

Solution

To remediate this issue, starting with versions 5.3.2, 5.2.4, 5.1.6, and 5..8, ESPTouch introduced the generation of a random IV when activating the AES key. This IV is then transmitted, along with provision data, to the provision device (such as an IoT device or application on a smartphone):

# Generate random IV
iv = os.urandom(16)

Moreover, the provision device has been updated with a parser capable of understanding and processing this new AES IV. This upgrade applies to all users and applications of the ESPTouch v2 component from ESP-IDF and is essential for improved security.

Unfortunately, as this issue lies within the ESP Wi-Fi stack, there is no workaround for users to fix this issue at the application layer without upgrading the underlying firmware.

References

For more information on the ESPTouch protocol and the latest updates, please refer to the following resources:

1. Official ESPTouch GitHub Repository
2. ESP-TOUCH Protocol Implementation for Internet of Things
3. Espressif Systems - AES CBC Mode IV

Conclusion

As IoT devices become increasingly popular, it is crucial to stay ahead of potential vulnerabilities and maintain the security of connected systems. Upgrading to the latest version of ESPTouchV2 protocol is a crucial step in ensuring the security and stability of your applications and devices. Stay informed and take the necessary steps to protect your IoT investments.

Timeline

Published on: 12/12/2024 02:15:29 UTC