Page 1 of 1

Smartconfig security

Posted: Tue Jun 02, 2015 1:17 am
by JohnDoeKyrgyz
Hello,

I have successfully tested the smartconfig examples. I think this functionality will be very useful for my projects.

Would it be possible to extend the smartconfig protocol to require an extra password that the device could use to prevent unauthorized attempts to configure the wifi network? I want to make sure that someone cannot maliciously or accidentally configure my devices to use a different wireless network.

Thanks,
John Atwood

Re: Smartconfig security

Posted: Wed Mar 30, 2016 9:39 am
by palatis
you can, for example, requires the user to hit a button to be able to initiate smartconfig.
thus only people with physical access to your device may configure the wifi.

this doesn't prevent if there are dozens of people all tring to configure the same esp, tho.
just like wps, if there are multiple APs accepting negotiation, you don't know which one you'll end up connected with.