That being said, the status quo is completely untenable. Connectivity has become the norm in the hardware space, and it is built on a shoddy software foundation. Vendor SDKs are often best-effort endeavors provided "as is" with no thought given to security or reliability. The results are clear: "the S in IoT stands for security" has become a trope, and connected cameras, locks, washing machines, and many more are getting owned on a weekly basis.
This will change, and whoever cracks this nut will be very successful indeed.
(They are great for makers though, very affordable, lots of features.)
(1) It may seem absurd, sort of sci-fi, but having access to the underlying hardware and its firmware would make it not that hard to do. In that case, the only way to safely analyze network traffic would require very fast logic analyzers that wouldn't use any dedicated network chipsets.
The point is: security through obscurity usually doesn't work well, unless the untrusted party is the hardware maker itself, or whoever decides what they put in the hardware; in that case security through obscurity becomes a lot more about obscurity than security, which makes it near 100% effective.
How about the risk to their business when a multinational corporation is X-raying their cores for backdoors (as one does) and finds the state backdoor, and then decides to no longer do business with the hardware manufacturer because of it—and also publicizes the existence of the backdoor, such that other multinationals pull out as well?
(I say "multinationals" because, presumably, purely-domestic corporations could be compelled by the state to accept the backdoor and say nothing about it.)
Edit: it was for sure SuperMicro and Amazon.
This is false. In most western countries governments can't force HW makers to add a backdoor.
Even in China, they might not need to rely on explicit state security authority, just tie it up with state sponsored funding or other softer measures.
They can't do that.
It can only compel the release of collected metadata to agencies.
It's great that you can make claims like this based on zero evidence or even allegations, but there is no basis in fact for it.
What's more the number of 3rd party people that have to be involved in something like this make it virtually impossible that the national security letter structure could keep them all silent, especially since there are numerous foreign nationals in the supply chains.
Go read the huge amount of ACLU coverage of these, or the many articles linked, or the congressional testimony. There are no allegations that this mechanism is being used to do what you say.
That doesn’t prove they have done it. But arguing they can’t is crazy.
Care to state your belief about the relations between the TLAs and the larger networking and communications firms in the US?
Not the OP, but I think that addressing specific parts of the claim is extremely important.
We've seen this around the PRISM program, where the allegations of support by tech companies were confused by their support for lawful law enforcement warrants (as opposed to the NSA's dragnet surveillance via PRISM). This confusion has reached the point where I saw a lecturer claiming Google helped the NSA collect data as part of PRISM, where the NSA's own slides show the opposite.
The famous "smiley slide" https://arstechnica.com/tech-policy/2013/10/new-docs-show-ns... or https://slate.com/technology/2013/10/nsa-muscular-program-sp...
I'm not aware of anything that would prevent the court from ordering a vendor to implement features to effectuate surveillance ordered by the court.
And that's a pretty weak compulsion, since the people who are bound are the people who would ordinarily prosecute any federal crime, and they probably aren't interested in prosecuting themselves.
The fact that some government agent applies for the warrant does not alter the fact that the warrant, once granted, is an order nor does it remove the power of the writ for further orders to effectuate the warrant.
Plus Broadcom is a US-based company and can be compelled by the US government to place hardware back doors.
Sadly this isn't a tin foil hat possibility.
This is not to say that Espressif is the bee's knees. I personally wouldn't use their hardware in production. But by making their product easily accessible, and much of the source code open, they have made it easier for white hats to raise security issues.
Count Texas Instruments ("TI") in this camp.
For example, Josh Wyatt of TI is proud of TI's "black box" approach to security, and even became a bit defensive about TI's closed source / "you don't need to know" aspects of its security for its CC3220 chips:
Why the F would anyone use these chips, when you can use a garden variety MCU, use a good TLS stack like WolfSSL or BearSSL, and fully control / own what goes into your product?
They did finally provide a method to use a custom root CA for SSL a year later, https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/....
They seemingly failed to comprehend why anyone would not want to use TI's chain of trust, that is not manufacturer customizable, on proprietary IoT devices. This was explicitly an issue for code signing as well, as it required obtaining a third-party code signing certificate from any number of CA's instead of using our explicit root CA.
Edit: spelling, clarity.
I hope no one seriously relies on any of these products in any secure application. Indeed, many of the vendors in that thread described how they are moving away from the chip due to TI's asinine stance on the issue.
Having worked for a while with the state of the art of microcontroller internet connectivity I can unfortunately second this. Some vendor SDKs are a mess of copied-together source code (e.g. old versions of the mbedtls and LWIP libraries), random modifications, no clear integration and often quite a few multithreading and memory issues right out of the box. And that's not even to mention that there often exist exactly 0 unit tests.
I really hope the state of this space improves in the future, e.g. through new higher-quality stacks. Rust would be a great candidate for these things, since it prevents lots of the issues upfront by refusing to compile. But building better stacks takes a lot of time and effort, and someone would first need to start investing in this.
These chips are the first hits for searches such as "Arduino wifi module", "breadboard wifi", "IoT wifi module", and many, many more as they're the downright easiest way to add wifi to something that doesn't have it out of the box.
I'm not sure how applicable these attack vectors are in the real world, but they affect a very large number of devices for sure.
Right now I'm looking to create smart blinds. The motors don't use that much power, but the issue is the MCU listening for commands. The ESP32 supports BLE, but its power consumption is still rather high, so batteries would only last a few days at most.
Even at once every 10 minutes, it should manage almost 3 weeks without requiring a recharge.
Some options that definitely help are to quicken the WiFi reconnect. ESPHome has options to disable AP scanning and do a fast-and-dirty connect & send. Using MQTT also helped a lot compared to using HTTP.
The most important part is to reduce the on-time as much as possible. 30 seconds is still way above the lower limit that I can do. If you halve it you can double the amount of data points without additional energy by reducing the sleep time.
I'm working on replacing the battery with a solar panel and supercap to power it from ambient shadow light entirely; the numbers do agree that it is possible in my case. Would help to keep it alive in cold weather.
After a few months it stopped working, I think some moisture got in and the DHT11 failed.
A bare chip makes it much easier, and you need to balance what comes online and how long it sleeps to still work in your use case.
It's not all that easy in some cases, but it can be done. I've used  as a resource before in my own projects.
Biggest problem we found was enterprise networks would randomly kick you off if you were using DHCP. I think because they would assume that if you hadn't transmitted in five to ten minutes it meant you'd gone away. Using static IP fixed that.
Edit: Friend of mine that mucks with ESP8266's uses the low power timer to reset and wake the device up out of deep sleep. (Via a simple hack I think just connecting a timer pin to the reset).
Star-mesh topology, with batteries on the leaf nodes. Solar further in. Excerpt: "I’m expecting about 3 months at a 5min log interval using a 2000mAh lipo battery."
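The duty-cycle arithmetic behind the "halve the on-time, double the data points" comment and the 3-months-at-5-minutes figure quoted above, as an added worked example (mine, not from anyone in the thread). The wake and deep-sleep currents are constructed assumptions, not measurements of any board, and regulator losses and self-discharge are ignored:

```python
"""Duty-cycle battery model for a deep-sleeping ESP8266/ESP32 sensor node.
Currents below are constructed assumptions for the example, not measured
on any board: I_ON mA during the wake burst, I_SLEEP mA in deep sleep."""

HOURS_PER_DAY = 24.0
SECONDS_PER_DAY = 86400.0
I_ON_MA = 70.0      # assumed average draw while awake with WiFi on
I_SLEEP_MA = 0.02   # assumed deep-sleep draw


def average_current_ma(t_on_s, interval_s, i_on_ma=I_ON_MA, i_sleep_ma=I_SLEEP_MA):
    """Time-weighted mean current over one wake/sleep period of interval_s."""
    if not 0 < t_on_s < interval_s:
        raise ValueError("on-time must be positive and shorter than the interval")
    t_sleep_s = interval_s - t_on_s
    return (t_on_s * i_on_ma + t_sleep_s * i_sleep_ma) / interval_s


def battery_days(capacity_mah, t_on_s, interval_s, **kw):
    """Runtime in days for a battery of capacity_mah at the given duty cycle."""
    return capacity_mah / average_current_ma(t_on_s, interval_s, **kw) / HOURS_PER_DAY


def samples_per_day(interval_s):
    return SECONDS_PER_DAY / interval_s


def required_on_time_s(target_days, capacity_mah, interval_s,
                       i_on_ma=I_ON_MA, i_sleep_ma=I_SLEEP_MA):
    """Invert average_current_ma: the per-wake on-time that reaches target_days."""
    avg_ma = capacity_mah / (target_days * HOURS_PER_DAY)
    t_on_s = interval_s * (avg_ma - i_sleep_ma) / (i_on_ma - i_sleep_ma)
    if t_on_s <= 0:
        raise ValueError("target not reachable even with zero on-time")
    return t_on_s


if __name__ == "__main__":
    # 30 s awake every 10 min vs 15 s awake every 5 min: same duty ratio,
    # so the same battery life but twice the data points.
    for t_on, interval in ((30, 600), (15, 300)):
        print(f"{t_on:>3}s/{interval:>4}s: {battery_days(2000, t_on, interval):.1f} days,"
              f" {samples_per_day(interval):.0f} samples/day")
    # The 2000 mAh / 3 months / 5 min figure quoted above implies this on-time:
    print(f"{required_on_time_s(90, 2000, 300):.1f} s awake per 5 min cycle")
```

Under these assumptions the quoted 3-month figure only works out if each 5-minute wake lasts about 4 seconds, which is why the fast-reconnect and MQTT tricks mentioned earlier matter more than the sleep current.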
On Banggood they show that they sold 242338 of them.
On Amazon the 4-pack listing has 548 customer reviews and there are other listings with hundreds of reviews, and probably a lot more people bought it than the reviews.
It's used mostly for lights, fan, AC, heating, so not that critical, but still a lot of devices.
There are way, way more moneyed companies in the wifi MCU game, but I have not seen a single competitor chip outside sales demos yet.
Redpine had big dotcoms backing, but it seems that even they dropped the ball on them in favour of Chinese chipmakers. Amazon and Google recently reached out for MXCHIP and Espressif, and their Redpine based solutions never went beyond the tech demo stage.
The ESP32 follows right in its footsteps with even more features, power and power-saving features. Espressif really saw the market the DIY community means and did some minor tweaks to its policies to cater to it, which probably helped its popularity with commercial hardware makers as well.
Plus, since it comes from "another China" it's subject to Chinese customs duty which negates whatever cost advantage it could have.
Any recommendations for good, affordable dev boards (say under 20Euro/USD), that are easily available?
(I have been playing with RobotDyn Blue Pills and Rust, but no wireless or Bluetooth connectivity.)
No. Espressif is used because it is _cheap_ and has relatively good support libraries. Just the chips/modules from other vendors are usually 15 to 20€ in single quantities while you can get an ESP8266 minimum development board (almost all normal arduino boards are minimum development boards) for like 3€.
Unless other vendors reach that same level, they will always stay back.
I work with a mid sized engineering consultancy.
We began switching to ESP as our primary platform just around 2 years ago, just as wifi gadgets were starting to boom.
To date, we have 500 megs of MCU projects in our repo. Though most of the code is repetitive, there is no chance we will part with such a huge codebase.
Being able to complete a $200k project in a few weeks through code reuse, instead of a few months, is huge, and imagine how it is for bigger companies with their own hardware. No chance anybody is switching now.
No. It was first comer advantage in affordable wifi MCUs since they existed just fine before but only as more expensive solutions as I mentioned. You can keep on claiming otherwise but the facts don't support you in claiming that there weren't wifi MCUs before.
Technically, and conceptually they were hopelessly behind an integrated WiFi MCU.
Espressif did not innovate in the technology space but in pricing and having enough documentation available that hackers could piece together an open source toolchain and libs for the chip.
I'm not familiar with the Enterprise WPA2 stuff. Is it widely used in high-security environments or "enterprise" areas? And is the ability to gain control over a device on those networks a big deal?
Enterprise WPA2 always seemed crazy complex, and the fact that many devices can't even seem to do WPA2 Personal completely correctly, I never had a good feeling about the Enterprise stuff.
> This practically means that unpatched ESP devices are more secure by actually using just WPA2 Personal.
This is good for all of us DIY'ers that are only using Personal WPA2 - the worst we're exposed to is targeted DOS attacks.
How do you power them all? 20 AC adaptors or battery/solar or something?
The battery powered ones need to be careful with how they sip power, but in most cases I can rig something up to get them to last. And the batteries I got off eBay all came with their own USB charger, so like 30 minutes of charging every few months and they are good.
I want to look into solar, but I just haven't had time to tinker with it yet.
WPA2 Enterprise doesn't use a preshared key, instead relying on something like RADIUS Authentication to validate usernames/passwords and then providing a custom key.
If you use your Active Directory credentials to log in to corporate WiFi then you're using WPA2 Enterprise.
Looks like it was closed due to "lack of info". I wonder if that caused some bad blood?
By my read, the fix is still open in that repo, tracked by the follow-up issue: https://github.com/esp8266/Arduino/issues/6436
Still don't know exactly why my home assistant can discover & control my wifi bulbs...never provided passwords or anything.
No, this is homeassistant - open source stuff. Aim of the game is to avoid amazon/google etc.
Without Enterprise, there's just one magic shared key "password" known to every user of the network.
The Enterprise mode outsources authentication of participants to a separate service using EAP and nearly always ends up leveraging TLS to actually make this secure one way or another.
This enables, for example, EduROAM in which academics and students use their "home" institution credentials to get network access in any participating educational network.
The "big boys" probably use custom made silicon (but even then I've seen custom-made silicon with an ESP8266 mounted onto it to abstract out the wifi connection part), but I wouldn't be surprised if the majority of IIoT startups use the ESPs as part of their products.
If the latter, can I make my own real eduroam AP?
Since TLS ends up in the picture many institutions use the Web PKI, so a typical modern device already understands how to verify that this is the right server for email@example.com to authenticate against, it's the one with a Certificate for the DNS name example.com. But yes, they can do all this with custom certificates instead and I'm sure lots do that.
Yes, you can in principle make an EduROAM service. You should probably talk to whatever higher education or further education IT body exists in your country.
Notice that only academics and students get to access the network, so unless you're either of those things you'll need to also add an escape hatch for yourself and anybody else you want using it. Offering the service to others does not entitle you to any access, it would be only a courtesy to others.
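The two checks that make the EAP/TLS leg described above actually secure, a trusted CA plus a match on the RADIUS server's name, as an added audit script that is not from anyone in this thread. It reads wpa_supplicant-style network blocks (the config keys are wpa_supplicant's; SAMPLE_CONF is constructed, with placeholder names) and flags Enterprise entries that would accept any server certificate, which is the gap the unpatched ESP clients discussed here have:

```python
"""Flag WPA2-Enterprise (EAP) network blocks that would accept any RADIUS
server certificate. Parses wpa_supplicant-style config text; SAMPLE_CONF
is constructed for this example, not taken from any real device."""
import re

SAMPLE_CONF = """
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.com"
}
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.com"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    domain_match="radius.example.com"
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
    psk="correct horse battery staple"
}
"""

def parse_networks(conf):
    """Return one dict of key -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, _, val = line.partition("=")
            net[key.strip()] = val.strip().strip('"')
        nets.append(net)
    return nets

def audit(conf):
    """Map each EAP network's SSID to its list of server-verification gaps."""
    findings = {}
    for net in parse_networks(conf):
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            continue  # PSK network: no server certificate to verify
        gaps = []
        if "ca_cert" not in net:
            gaps.append("no ca_cert: any server certificate is accepted")
        if "domain_match" not in net and "domain_suffix_match" not in net:
            gaps.append("no domain match: any name signed by that CA passes")
        findings[net.get("ssid", "?")] = gaps
    return findings
```

The second check matters when ca_cert points at a public bundle, as the Web PKI comment above describes: without a name match, a certificate for any domain from any trusted CA satisfies the client.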
I've been trying to bring the Bluetooth stack (which shares a common ancestor with the Android one) closer to the current Android Bluetooth stack, since that's well maintained (ish) and I'm extending it.
ESP32 is a series of low cost, low power system on a chip microcontrollers with integrated Wi-Fi and dual-mode Bluetooth.
Some kind of IoT chips? Can't tell what the real world impact of this is.
Edit: whoa, thanks for context folks! I'm surprised this wasn't obvious from wiki pages.
... and it talks MQTT and connects straight into Home Assistant.
If a NodeMCU board is too big for you then an ESP-01S is smaller and even cheaper. Fewer I/O options though, but very useful. Needs a writer and wires to program. You can get one with a relay that is capable of switching 16A.
https://frenck.dev/diy-smart-doorbell-for-just-2-dollar/ - here's an example of a project. $2 is a bit ambitious; I spent £7 for two of them on Amazon. That's two ESP-01S and two relays!
I don't do Arduino. esphome is a lot easier for me. You use pip to get the thing installed under your user account. Write a .yaml file which is largely copy and paste from examples and then install it through a USB cable the first time and then over the air after that.
Be prepared to wave goodbye to your spare time and seriously consider a separate VLAN/SSID for these things.
I got the DHT22 to work at 3.3V. But an old 1-Wire DS18B20 I have is very finicky. The pullup needs to be 500-800 ohms. Any experience with 1-wire at 3.3V? (Parasitic power mode). Worked great on a 5V nano.
I can wrap my head around doing the soldering.
But power means either power adapter or battery?
If I’m doing power I might as well use a raspberry.
Like the parent I have a few temperature/humidity sensors dotted around the house. Using a PI would be overkill and I'd have to keep the system packages up to date, worry about failing storage-device, etc.
Damn. Was hoping that isn't the answer.
Phone chargers everywhere are ugly & in the way.
>I'd have to keep the system packages up to date, worry about failing storage-device, etc.
This is what virtually every WiFi toaster around uses now. If you see a WiFi device below $20, it is almost certain that it will have an ESP32 inside.
The ESP chips are OTA capable with example code provided, but that still means vendors have to incorporate the function, provide a way for the device to check for updates, care enough to produce updates, and secure the upgrade mechanism enough that it's not a worse vulnerability than an unpatched device.
Well, they have to be used _somewhere_. It's not like Espressif is achieving the economy of scale for a 3$ module by selling to hobbyists...
If you are doing mission critical or life-safety related work with $3 devices, you are doing it wrong. Spend a little more and use something else.
In my case, I am monitoring room temperatures in my house with several ESP8266 devices so I want easy-to-connect features. I don't care about security in this application.
But there is a point where you make a device so secure that it can be very difficult to connect with anything.