mendesgeo
New vulnerabilities in ESP8266/ESP32 Wi-Fi SDKs disclosed. 2 of them allows attackers to crash devices in radio range. Combined with a critical one, it's possible to completely hijack any ESP device connected to enterprise networks without having any password, username or certificate. Espressif has already patched their SDKs. In addition, the beacon crash vulnerability allows an attacker to easily crash any ESP8266 withing radio range. I believe this is of critical importance for OpenPLC project.

The latest Arduino repositores of ESP8266 and ESP32 already fix such problem. Be aware of any ESP8266 on the field with no patches.

Quote 0 0
thiagoralves
Nice finding Matheus! Your research has made the ESP8266/32 a bit more secure. I looked at your profile and it seems that we have a lot in common! We both are from Brazil, we both have a BEng in Electronic Engineering from PUC, and we both have worked with Sudipta Chattopadhyay. I've helped Eyasu Chekole with his research on industrial controllers security. Is he still at SUTD or has he graduated already? I wish you the best of luck in your career!
Quote 0 0
mendesgeo
Olá Tiago. É um prazer muito grande saber que o projeto OpenPlC foi criado por um Brasileiro. Na verdade é em razão a este projeto existir que tive a oportunidade de vir trabalhar com o Sudipta. Não sei se você lembra, mas eu fui o primeiro a usar ScadaBR com o projeto. Tinha aberto um issue no GitHub a uns 5 anos atrás e a partir dai tive contato com o Eyasu. Ele já se formou sim (uma figura ele haha).

O Sudipta mandou lembranças. Muito obrigado pelas palavras, e vamos levar nossa bandeira afora xD. Coincidência mesmo, até o curso em? A PUC que vc estudou foi no Paraná tbm (PUCPR)?
Quote 0 0
thiagoralves
Fiz PUC em Belo Horizonte (PUCMG). Foi muito bom o curso mas, infelizmente nem compara com o ensino das faculdades no exterior. Qual é o foco do seu doutorado agora? Estou com um monte de idéias de melhoramentos para o OpenPLC que estão meio paradas porque agora eu acabei meu doutorado. Comecei a trabalhar em uma empresa, e aí a prioridade é a empresa, né! Conversei com o meu advisor para ver se ele podia colocar alguns estudantes para por essas idéias para frente, mas ele também tem os objetivos dele, e aí fica difícil conciliar. Você sabe se tem algum estudante aí na SUTD interessado em trabalhar no OpenPLC?
Quote 0 0
lc625

Hi Mr. Alves, probably you will think about contacting the RWTH Aachen University. Especially the Institute for Energy Efficient Buildings and Indoor Climate.

https://www.ebc.eonerc.rwth-aachen.de/cms/E-ON-ERC-EBC/~dnac/Das-Institut/?lidx=1

A list of their current projects:

 https://www.ebc.eonerc.rwth-aachen.de/cms/E-ON-ERC-EBC/Forschung/Forschungsprojekte2/~nzfi/Laufende-Projekte/lidx/1/

As you can see, they develop several software tools for their research. Additionally they follow the open source idea => https://www.ebc.eonerc.rwth-aachen.de/cms/E-ON-ERC-EBC/Forschung/~modg/OPEN-SOURCE/lidx/1/

 

Because building automatization is a big theme in that institute, PLC programming must be of their interest. Additionally, I found out, that they are going to migrate the OSCAT Library to Github:

https://github.com/RWTH-EBC/AixLib/blob/master/README.md

I strongly assume, that there is an interest in open source PLC stuff. Due to the fact, that your project is the only full comprehensive open source project in this category they should be interest in OpenPLC.

Quote 0 0
thiagoralves
Thanks for the tip lc625! I'll contact them
Quote 0 0