Unidentified devices - Espressif Inc.



  • Avatar
    mobius strip

    Espressif is a company that makes low cost microcontrollers that are selected for the brains and internet connectivity by many manufacturers in a large percentage of IOT devices out there. Most often the case is that the micro controllers are Espressif’s ESP-8266’s and ESP-32’s.

    They can be found in everything from large connected appliances such as refrigerators,  dishwashers! washing machines etc, to robovacs, to very small items like smart plugs and lightbulbs. 

    Tuya is a cloud-based company that these devices phone home to for various tasks including instruction sets, updating firmware, data collection, diagnostic info, etc. Tuya is probably the most commonly selected platform of this nature by the manufactures of IOT devices.

    Possibly a firmware update pushed to some devices you added to your network in the past has changed the names of those devices in how they announce their presence to the rest of your local network (their host names… which appear to take the form of ESP_ and have their last half of their mac addresses in their hostnames)

    I deleted them from my Firewalla Gold and my Fingbox.

    sorry, but what do you mean by delete them? Did you ban and/or quarantine these Mac addresses? If so, apparently the ban was only temporary, and these devices simply reconnected using the same Wi-Fi password as they are programmed to do once they lose connectivity to a Wi-Fi network)

    I would say logically that one of these possibilities is likely what’s happening:

    1. That these devices were already connected to your network but were previously labeled something else OR
    2. you really do have new devices connected to your network. Whether or not they are malicious is something you have to determine by checking with family members and then by first by checking to see what devices in your home are known to you have Internet connectivity capability and probably cutting power to each ot them one at a time until they disappear from your Wi-Fi network… I would probably log in directly to your access point or whatever you’re using for Wi-Fi on your Firewalla gold to see when any of these Mac addresses you provided  drops off as it will be faster than waiting for the cloud to sync your FWG and/or Fing box.
      Or if you’d rather, The most simple brute force solution is to change your Wi-Fi password and reconnect all of your legitimate Wi-Fi devices.

    (This  isn’t as likely to apply here, but technically MAC addresses can be easily spoofed, to appear as legitimate and/or pretend to be a known and authorized device… obviously this would only be done if these are malicious devices and someone cracked your Wi-Fi password, which can be done if it’s not very complicated and you are using WPA 1 or 2 or WEP wi-Fi encryption)

    Comment actions Permalink
  • Avatar
    Josh Powell

    Nevermind... I finally found out what it was.  Lol.  Merkury Innovations Smart Wi-Fi Edison B11 Bulbs.  Silly me.

    Comment actions Permalink
  • Avatar

    My personal way to control these is "block" and ask questions later

    Comment actions Permalink

Please sign in to leave a comment.