this post was submitted on 11 Mar 2025
37 points (95.1% liked)

Technology

66067 readers
4695 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
37
ESP32 Undocumented Bluetooth Commands: Clearing the Air · Developer Portal (developer.espressif.com)
submitted 1 day ago by doopinglouie@feddit.org to c/technology@lemmy.world
6 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Korkki@lemmy.ml 26 points 1 day ago (4 children)

In such a system, the ESP32 fully trusts the host. If an attacker maliciously gains control over the host system, they could potentially issue these debug commands to influence ESP32’s behavior. However, an attacker must first compromise the host device, making this a second-stage attack vector rather than a standalone vulnerability. Or, gain a physical access to the device to send the HCI commands over serial interface.

Does this even count as backdoor? Not really if you have to have access to the device in the first place.

https://www.youtube.com/watch?v=ndM369oJ0tk

[–] partial_accumen@lemmy.world 3 points 1 day ago (3 children)

It certainly opens up lost of "evil maid" attacks.

[–] JWBananas@lemmy.world 1 points 1 day ago

Does it? The quoted passage is also in reference to a less commonly used configuration, in which it is basically used as a communications coprocessor.

load more comments (2 replies)
load more comments (2 replies)