Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages (gbhackers.com)

submitted 2 weeks ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Meshtastic developers released firmware version 2.6.11 with critical fixes:

Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication. Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization. Compromised key detection: Devices now warn users if known vulnerable keys are detected. An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:

Update devices to firmware 2.6.11 or later. Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device. Manually generate high-entropy keys via OpenSSL for critical deployments.

top 1 comments

sorted by: hot top new old

[-] [email protected] 4 points 2 weeks ago

Meshtastic developers released firmware version 2.6.11 with critical fixes:

Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.

Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.

Compromised key detection: Devices now warn users if known vulnerable keys are detected.

An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:

Update devices to firmware 2.6.11 or later.

Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device.

Manually generate high-entropy keys via OpenSSL for critical deployments.

this post was submitted on 25 Jun 2025

33 points (100.0% liked)

Meshtastic

970 readers

1 users here now

A community to discuss Meshtastic (https://meshtastic.org/docs/introduction)

founded 2 years ago

MODERATORS

[email protected]