Encrypting default WiFi connection after setup #397
Closed
As described in #383, there is a serious security issue when setting up the sensor for the first time.
The credentials of your home WiFi (or whatever WiFi you try to connect your sensor to) are transmitted in plain text so that a potential attacker can sniff them without any effort. Once inside your network the attacker could do a lot of harm to other devices on your network.
To overcome this problem, I introduced a default password "ParticulateMatter255" in `ext_def.h`.

Furthermore, I wanted to avoid that an attacker can easily find out this password by just reading the AP's SSID (when finding the default SSID "Feinstaubsensor-" the attacker would only have to search this word on Google to find the default password which would enable him/her to decrypt the credentials again...). Therefore I renamed the SSID to the more generic term ESP, which is used more widely and therefore wouldn't allow an attacker to directly deduce which password to use for decryption.

This is not a perfect solution, but for ~90% of use cases this should be safe enough and in any case much safer than the actual solution of not having any encryption on the default access point.
Keep in mind that the manual(s) for setting up the sensor need to be adapted to these changes.