Meshtastic developers released firmware version 2.6.11 with critical fixes:

Key generation delay: Keys are now generated when users first set their LoRa region, preventing vendor-side duplication.

Entropy improvements: Added multiple randomness sources to strengthen cryptographic initialization.

Compromised key detection: Devices now warn users if known vulnerable keys are detected.

An upcoming version (2.6.12) will automatically wipe compromised keys. For immediate protection, users should:

Update devices to firmware 2.6.11 or later.

Perform a factory reset using Meshtastic’s CLI: meshtastic –factory-reset-device.

Manually generate high-entropy keys via OpenSSL for critical deployments.