ESP32's compromised? What do you makers make of this? How serious a "backdoor" is this? https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
3 weeks ago
So ESP32 is not only a penny microcontroller to blink an LED, but also a Bluetooth debugging board. Adorable! · 3 weeks ago
I just wanted to start messing around with the ESP32 after a long time again. I've heard about advances in Rust for the ESP32 and wanted to try. Maybe I do anyway. · 3 weeks ago
@hanzbrix I was thinking it is not remotely exploitable. An attacker can't run an undocumented command remotely.
Combined with another security issue, it becomes bad. · 3 weeks ago
@remy @half_elf_monk It is serious enough that a CVE was issued for it, plus it is a problem in the Bluetooth stack, so you can't protect from it in your software, plus even the software you write is based on the Espressif library.
However, it does not seem to be deliberate by Espressif, as the attack vector is Bluetooth range. · 3 weeks ago
Some code has to run on the device to be able to run the undocumented command.
If you trust the software on your device, it is not exploitable. · 3 weeks ago
BleepingComputer changed the title:
Update 3/9/25: After receiving concerns about the use of the term 'backdoor' to refer to these undocumented commands, we have updated our title and story. · 3 weeks ago