Nozomi Networks Labs has revealed two significant vulnerabilities in the ESP-NOW wireless protocol by Espressif, affecting IoT devices that rely on this protocol for fast, low-power communication. The most concerning of the vulnerabilities, tracked as CVE-2024-42483, allows attackers to perform replay attacks, bypassing anti-replay security measures to retransmit previously captured packets. Even encrypted packets are vulnerable, making it possible for malicious actors to intercept and replay commands, potentially compromising systems like alarm networks or automatic doors that depend on ESP-NOW for secure communication.
Real-world attack scenarios demonstrate how attackers could intercept legitimate commands, such as a command to deactivate a motion sensor or open a door, and replay them at will. This flaw, which requires only a high-gain Wi-Fi antenna for exploitation, could give attackers remote control over targeted IoT devices from considerable distances. No encryption key is needed for these attacks, which increases the potential risk to systems using ESP-NOW in sensitive applications like security and entry management.
A second vulnerability, CVE-2024-42484, was identified as potentially enabling Denial-of-Service (DoS) attacks. Although testing confirmed this vulnerability exists, recreating conditions to trigger a DoS proved difficult, indicating it would only pose a threat in modified applications of the ESP-NOW reference code. This issue may become a concern if manufacturers or device owners alter the protocol’s implementation, particularly in ways that expose devices to cleartext or unverified messages.
In response to these vulnerabilities, Espressif quickly released updates on its GitHub repository, implementing fixes and advising firmware updates for devices using the affected code. Nozomi’s Guardian Air wireless sensor also received updates to protect against these flaws, underscoring the importance of patching IoT devices to mitigate security risks. With ESP-NOW’s widespread adoption in IoT, these vulnerabilities highlight the ongoing need for robust security practices in smart device networks.
Reference:
