Safety? Safety!

I would like to use today's blog post to point out a very important topic.

Of course, all legal provisions must always be observed for all handicrafts. These vary considerably depending on the country, so make sure you familiarize yourself with the details before starting a project.

Given the occasion, I would like to talk to you about security in particular about WiFi connections.

As many of you may have noticed, a new toolchain was introduced last week to make WPA2 even easier to lever out. Well, the principle behind it is not new. To penetrate a WPA2 protected network, you only need a RaspberryPI and an ESP8266 with the appropriate software, that's no secret.


Of course there are now many readers who say: "But there are business solutions that work and many other hurdles that need to be overcome". But as always with this topic, safety, comfort and compatibility are on the balance. Someone who has paid attention in computer science, can use microcontrollers, understands white papers and has some imagination can still do considerable damage with the modules.


There are ways and means to make your task more difficult for attackers. Companies invest significant resources to close as many doors as possible, but this is usually not the case for home users. While a company makes sure to only use hardware that can be depreciated over a few years in order to always be up to date, it also includes many security-related aspects. An example here is 802.11w, which has long been implemented in business devices, but is almost unknown in the private sector for reasons of compatibility.


We also deliver our ESP8266 modules with firmware 2.0, as they are more susceptible to certain attacks, but 2.4r2, for example, is not fully compatible with most available Libarys.


Please note that most of our modules are prototyping modules in order to learn how to program microcontrollers comfortably. It is also easily possible to use them to control small machines and devices.

Under no circumstances should the modules be used for safety-relevant areas of application, which I would like to briefly explain using a simple example:

For example, if you adventurously install a NodeMCU with a mini power supply in a flush-mounted box, it can happen, despite careful quality control on our part, that these modules will show a defect over time and overheat due to a short circuit. In the worst case, the plastic ignites, which ends in a house fire. Your fire protection insurance will not cover any costs.
Likewise in the case of a smart home door control: If you break in, your insurance company will not pay for the damage because your self-made door lock does not have the required certifications.


Based on the inquiries of the past few days, we find it important to raise awareness of this, since many of our customers are not electrical (electronics) specialists for whom this is taken for granted.

Until the next post :)

Specials

2 comments

Albert

Albert

Hallo Timmy,
ich bezog mich hier auf das ESP-01 Modul welches meistens als “serieller Arduino-WLan Adpter” oder auch auf unseren Relais genutzt wird und mit Espressif AT-Firmware 2.0 bespielt sind.

Timmy

Timmy

Eine verwirrte Nachfrage:
Das gilt doch nur für LUA-Module?!
Die über die Arduino-IDE betankten Module müssten doch die jeweils aktuelle Software aus den Boardverwalter bekommen?

Oder gibt es noch einen weiteren Firmeware-Teil auf dem Modul bei dieser Konstellation?

MfG

Leave a comment

All comments are moderated before being published