Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages

Meshtastic developers released firmware version 2.6.11 with critical fixes:
- Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.
- Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.
- Compromised key detection: Devices now warn users if known vulnerable keys are detected. An upcoming version (2.6.12) will automatically wipe compromised keys.

For immediate protection, users should:
- Update devices to firmware 2.6.11 or later.
- Perform a factory reset using Meshtastic’s CLI: meshtastic --factory-reset-device
- Manually generate high-entropy keys via OpenSSL for critical deployments.
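
An added example, not from the original article or the Meshtastic project: after updating and resetting, an operator can audit an exported list of node public keys for the failure described above, namely keys shared between devices or already known to be compromised. The inventory format, the 32-byte key length, the SHA-256 blocklist and every sample value are assumptions constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

KEY_LEN = 32  # assumption: 32-byte Curve25519-style public keys

def audit_keys(inventory, compromised_hashes):
    """Return {node_id: [reasons]} for each node whose key should be regenerated."""
    findings = defaultdict(list)
    owners = defaultdict(list)  # raw key bytes -> node ids presenting that key
    for node_id, key_b64 in inventory:
        try:
            key = base64.b64decode(key_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings[node_id].append("malformed")
            continue
        if len(key) != KEY_LEN:
            findings[node_id].append("bad-length")
            continue
        if len(set(key)) == 1:  # e.g. all zeros: key material was never initialised
            findings[node_id].append("constant-bytes")
        if hashlib.sha256(key).hexdigest() in compromised_hashes:
            findings[node_id].append("known-compromised")
        owners[key].append(node_id)
    # A key presented by more than one node means the private half is shared too.
    for nodes in owners.values():
        if len(nodes) > 1:
            for node_id in nodes:
                findings[node_id].append("duplicate")
    return dict(findings)

def sample_key(seed, length=KEY_LEN):
    """Constructed stand-in for a device public key (not a real key)."""
    return base64.b64encode(hashlib.sha256(seed).digest()[:length]).decode()

# Constructed inventory (node id, base64 public key) and blocklist of SHA-256 key digests.
SAMPLE_INVENTORY = [
    ("node-1", sample_key(b"unique")),
    ("node-2", sample_key(b"cloned-image")),
    ("node-3", sample_key(b"cloned-image")),
    ("node-4", sample_key(b"listed")),
    ("node-5", base64.b64encode(bytes(KEY_LEN)).decode()),
    ("node-6", sample_key(b"short", 16)),
    ("node-7", "not base64!"),
]
SAMPLE_COMPROMISED = {hashlib.sha256(hashlib.sha256(b"listed").digest()).hexdigest()}
if __name__ == "__main__":
    for node, reasons in audit_keys(SAMPLE_INVENTORY, SAMPLE_COMPROMISED).items():
        print(node, ", ".join(reasons))
```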