Skip to content

ESP32 Security Cheatsheet

ESP32 Security Cheatsheet

Overview

The ESP32 is a powerful and popular microcontroller with built-in Wi-Fi and Bluetooth. It is widely used in a variety of IoT devices, from smart home hubs to industrial sensors. However, like any connected device, the ESP32 is vulnerable to security threats. This cheatsheet provides a quick reference guide for understanding and improving the security of ESP32-based devices.

Key Security Features

  • Secure Boot: Ensures that only trusted code is executed on the device.
  • Flash Encryption: Encrypts the contents of the flash memory to protect against unauthorized access.
  • Hardware Cryptography: The ESP32 has a hardware-accelerated cryptographic engine that can be used to perform a variety of cryptographic operations, such as AES, SHA, and RSA.
  • Wi-Fi Security: The ESP32 supports a variety of Wi-Fi security protocols, including WPA2 and WPA3.
  • Bluetooth Security: The ESP32 supports Bluetooth Secure Connections, which provides a secure way to pair and communicate with other Bluetooth devices.

Common Vulnerabilities

  • Insecure Wi-Fi Configuration: Using weak or no Wi-Fi security can allow attackers to gain unauthorized access to the device.
  • Insecure Bluetooth Configuration: Using weak or no Bluetooth security can allow attackers to gain unauthorized access to the device.
  • Insecure Over-the-Air (OTA) Updates: Failing to properly secure the OTA update process can allow attackers to install malicious firmware on the device.
  • Insecure Web Interface: A poorly designed web interface can be vulnerable to a variety of attacks, such as cross-site scripting (XSS) and SQL injection.
  • Physical Attacks: An attacker with physical access to the device can attempt to extract sensitive information from the flash memory or to modify the firmware.

Best Practices

  • Enable Secure Boot and Flash Encryption: These features provide a strong defense against physical attacks.
  • Use Strong Wi-Fi and Bluetooth Security: Use WPA2 or WPA3 for Wi-Fi and Bluetooth Secure Connections for Bluetooth.
  • Secure the OTA Update Process: Use a secure method to deliver and install OTA updates, such as HTTPS and code signing.
  • Design a Secure Web Interface: Use a secure web framework and follow best practices for web security.
  • Protect Against Physical Attacks: Use a secure enclosure and consider using tamper-evident seals.

Additional Resources