this post was submitted on 11 Mar 2025
36 points (95.0% liked)

Technology

65819 readers
5133 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
36
ESP32 Undocumented Bluetooth Commands: Clearing the Air · Developer Portal (developer.espressif.com)
submitted 16 hours ago by doopinglouie@feddit.org to c/technology@lemmy.world
6 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Korkki@lemmy.ml 25 points 16 hours ago (4 children)

In such a system, the ESP32 fully trusts the host. If an attacker maliciously gains control over the host system, they could potentially issue these debug commands to influence ESP32’s behavior. However, an attacker must first compromise the host device, making this a second-stage attack vector rather than a standalone vulnerability. Or, gain a physical access to the device to send the HCI commands over serial interface.

Does this even count as backdoor? Not really if you have to have access to the device in the first place.

https://www.youtube.com/watch?v=ndM369oJ0tk

[–] partial_accumen@lemmy.world 3 points 16 hours ago (2 children)

It certainly opens up lost of "evil maid" attacks.

[–] NeoNachtwaechter@lemmy.world 10 points 15 hours ago (1 children)

An ESP32 is a powerful thing, but it is also a microcontroller.

They are programmable as soon as you have physical access. They are NOT like whole PC's that you can lock up with passwords etc.

More like a gun that you can fire as soon as you have physical access.

I wonder where the expectation has come from? People seem to think that it should be different than it is.

[–] pelya@lemmy.world 4 points 12 hours ago

That's because the article that started the whole argument tried very hard to present an expected behavior for embedded chips as a security hole.

[–] JWBananas@lemmy.world 1 points 15 hours ago

Does it? The quoted passage is also in reference to a less commonly used configuration, in which it is basically used as a communications coprocessor.

load more comments (1 replies)