docs: Add pentest results and update project docs
Executed non-invasive pentest against amber-maple (v1.12-dev):
- Phase 1: mDNS, port scan, binary analysis, eFuse readout
- Phase 2: HMAC timing, command injection (27 tests), replay (6 tests)
- Phase 3: NVS analysis, CVE check (12 CVEs), binary structure

All network-facing tests PASS. Physical security gaps documented.
TASKS.md
@@ -2,6 +2,34 @@
**Last Updated:** 2026-02-14
## Completed: v1.12-dev — Security Hardening & Pentest
Security hardening deployed to amber-maple. Full pentest executed 2026-02-14.
- [x] Auth whitelist: only read-only queries work without HMAC auth
- [x] AUTH OFF disabled remotely (serial console or FACTORY reset only)
- [x] HMAC 128-bit (32 hex chars), replay window +/-5s, nonce dedup cache (8 entries)
- [x] STATUS split: minimal (unauthed) vs full (authed) response
- [x] Rate limiter: 50ms inter-command throttle (20 cmd/s max)
- [x] NVS write throttle: 20 writes per 10s window
- [x] CSI buffer bounds checking (UDP_REM macro)
- [x] PMF (802.11w) required: `CONFIG_ESP_WIFI_PMF_REQUIRED=y`
- [x] mDNS: hostname only, no service advertisement
- [x] Serial console AUTH management (UART0, 921600 baud)
- [x] ALERT command (temp/heap thresholds, EVENT emission)
- [x] Secret auto-generated on first boot, redacted in boot log
- [x] Pentest: mDNS service discovery — PASS (no service ads)
- [x] Pentest: Port scan — PASS (only 5353/udp + 5501/udp open, 0 TCP)
- [x] Pentest: Firmware binary analysis — PASS (no hardcoded secrets)
- [x] Pentest: eFuse readout — all security fuses unburned (expected for dev)
- [x] Pentest: HMAC timing oracle — PASS (constant-time comparison effective)
- [x] Pentest: Command injection (27 tests) — PASS (all handled safely)
- [x] Pentest: Replay attack (6 tests) — PASS (all rejected)
- [x] Pentest: NVS partition analysis — auth_secret in plaintext (expected without flash encryption)
- [x] Pentest: ESP-IDF CVE check (12 CVEs) — 8 N/A, 4 LOW risk
- [x] Pentest: Binary structure — no stack canaries, no heap poisoning (fix recommended)
- [x] Pentest results documented in `docs/PENTEST-RESULTS.md`
## Completed: v1.11.0 — Diagnostics & Usability
Deployed to fleet 2026-02-14.
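Review bot: The replay entry ("replay window +/-5s, nonce dedup cache (8 entries)") and the rate limiter entry ("20 cmd/s max") together mean up to roughly 200 commands can fall inside one replay window, far more than 8 nonces, so within-window replay protection depends on an evicted nonce not being reused; either state that the cache is sized to cover the window or record the residual gap next to the "Replay attack (6 tests) — PASS (all rejected)" line so the PASS is not read as complete coverage. Also, the "Binary structure — no stack canaries, no heap poisoning (fix recommended)" item is ticked [x] like the passing tests; consider marking findings that still need a fix differently from passes so the completed list does not hide open work.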
@@ -23,6 +51,8 @@ Tracked separately in `~/git/esp32-web/TASKS.md`. Currently at v0.1.5.
### P1 - High
- [x] Test OTA rollback — crasher firmware flashed to amber-maple, bootloader rolled back to v1.11.0 (2026-02-14)
- [ ] Enable stack canaries: `CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y`
- [ ] Enable heap poisoning: `CONFIG_HEAP_POISONING_LIGHT=y`
### P2 - Normal
- [ ] Tune presence threshold per room with real-world testing
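Review bot: The two new P1 items cover only the stack canary and heap poisoning findings; the other two findings recorded in the first hunk (auth_secret stored in plaintext in NVS, all security eFuses unburned) and the "physical security gaps" named in the commit message get no tracking item here. Add a P1 or P2 entry for flash encryption / secure boot, or a one-line note that these are accepted as out of scope for the dev build, so the decision is recorded rather than implied.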