opensourcemirror
/
WLEDwiki
mirror of https://github.com/Aircoookie/WLED.wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Updated Security (markdown)

This commit is contained in:
Aircoookie 2017-12-13 12:11:45 +01:00
parent 1ed2ea455d
commit e8083a274c
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Security.md
View File

@ -25,4 +25,8 @@ Now apply the settings and reboot. After that you can carry out the software upd
### 5: Why is this OTA lock stuff that important?
A: Your unencrypted WiFi password is stored in the module's EEPROM. It would be easy to "update" the software to a malicious version which sends your password to the attacker. OTA Lock makes sure only those with the passphrase may carry out a software update. And yes, while you can disable OTA lock by doing a factory reset, this would also kill the WiFi connection to the attacker.
A: Your unencrypted WiFi password is stored in the module's EEPROM. It would be easy to "update" the software to a malicious version which sends your password to the attacker. OTA Lock makes sure only those with the passphrase may carry out a software update. And yes, while you can disable OTA lock by doing a factory reset, this would also kill the WiFi connection to the attacker.
### 6: Anything else?
A: A personal tip from me is not to give anyone your IP to control the software who you do not wish to do so on a regular basis. It is not critical from a security standpoint, but it can be very annoying if someone plays with your lights, or even worse, change your AP credentials to the point where you can no longer access the module except via USB.