Meshtastic developers released firmware version 2.6.11 with critical fixes:
Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.
Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.
Compromised key detection: Devices now warn users if known vulnerable keys are detected.
An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:
Update devices to firmware 2.6.11 or later.
Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device.
Manually generate high-entropy keys via OpenSSL for critical deployments.
gressen @lemmy.zip - 6mon
Meshtastic developers released firmware version 2.6.11 with critical fixes:
Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.
Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.
Compromised key detection: Devices now warn users if known vulnerable keys are detected.
An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:
Update devices to firmware 2.6.11 or later.
Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device.
Manually generate high-entropy keys via OpenSSL for critical deployments.
kid in meshtastic
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages
https://gbhackers.com/critical-meshtastic-flaw/Meshtastic developers released firmware version 2.6.11 with critical fixes:
Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication. Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization. Compromised key detection: Devices now warn users if known vulnerable keys are detected. An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:
Update devices to firmware 2.6.11 or later. Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device. Manually generate high-entropy keys via OpenSSL for critical deployments.