Discussion:
ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices
TimS
4 days ago
<font color="#000000">For those who program with electronics on IoT (internet
of things) devices, the ESP32 has 29 undocumented commands that could be used
as a ‘backdoor’.</font>
<font color="#000000"></font>
<font color="#000000">Below is the article that provides more details.</font>

<font color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
<font color="#000000"></font>
<font color="#000000">Where are our Macs made these days?</font>
--
Tim
TimS
4 days ago
This business of Usenapp sticking all this markup in seems to be triggered by
pasting stuff into a new post, only to find that it's got mixed up with the
sig and is all the same pale grey as the sig - and then trying to fix that up.
It looks OK when posted but is received as the above.
--
Tim
Jörg Lorenz
3 days ago
They are more or less harmless. They cannot be accessed OTA as far as I
understand the issue.
--
"Gutta cavat lapidem." (Ovid)
Theo
3 days ago
It's not a backdoor:
https://darkmentor.com/blog/esp32_non-backdoor/

It's some undocumented commands (which aren't uncommon) on an interface used
when you already control the device. i.e. it's not a backdoor, it's more like
a hidden panel inside your house to access some pipes you could
already access by other means, and are never accessible from outside.

Theo
Chris Ridd
3 days ago
I saw an analogy of telling your Ethernet card to change its MAC
address, or send some funky packet over the wire.

Seriously, whoever called this a "backdoor" should be taken out an
actual backdoor and shot. The guys who figured this out seem good, the
marketing folks (or whoever) in their company are very bad.
--
Chris