this post was submitted on 09 Mar 2025
179 points (96.9% liked)

[–] SpaceNoodle@lemmy.world 40 points 1 day ago (1 children)

Finally, some technical details that were sorely lacking from yesterday's article.

Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.

[–] pelya@lemmy.world 16 points 1 day ago (1 children)

> Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.

It is not. ESP32 is an embedded chip with less than one megabyte of RAM. It cannot run apps or load websites with any malicious code, it only runs the firmware that you flash on it, nothing else, and of course your firmware has full access to every chip feature. If your firmware has a security hole, it's not the chip's fault.

[–] Godort@lemm.ee 34 points 1 day ago (1 children)

I mean, this doesn't really change anything from a practical perspective. It just highlights that the verbiage in the press release was alarmist.

It's still a security concern that most users will be unaware of.

[–] ozymandias117@lemmy.world 3 points 7 hours ago

Yes, in the sense that every device you own has these same commands

The alarmism of the original was that this was somehow unique to the esp32

If your device has Bluetooth, it has these commands

[–] kubica@fedia.io 23 points 1 day ago

Overall we at Dark Mentor do consider the use of VSCs granting the capability to read and write memory, flash, or registers to be bad security design. It’s bad design for Espressif the same as it’s bad design for Broadcom, Texas Instruments, and any other vendor that uses it. This issue is now being tracked as CVE-2025-27840.

[–] embed_me@programming.dev 15 points 1 day ago

Thanks. I was looking for an explanation like this

[–] TxzK@lemmy.zip 11 points 1 day ago

But but it's Chinese and Chinese tech bad

[–] fubarx@lemmy.ml 6 points 1 day ago

I tried to offer a gentler backgrounder on this HCI business: https://lemmy.ml/comment/17160273

The opcodes that actually jumped out at me more than the undocumented ones were the ones that erase the flash.

But the conclusion stands. None of this is a 'backdoor' unless you can secretly access it from the wireless side and nothing in the presentation points to that. If I had to guess, the opcodes are for QA and tuning on the manufacturing line.
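Added example, not part of the thread or of the article it discusses: a host-side audit that walks an H4-framed HCI byte stream and lists every command sent with the vendor-specific opcode group (OGF 0x3F), which is where the VSCs mentioned above live. The sample trace and the OCF value 0x123 are constructed placeholders, not opcodes from any vendor's command set, and raw H4 framing of the capture is an assumption.

```python
import struct

VENDOR_OGF = 0x3F  # opcode group the Bluetooth Core spec reserves for vendor-specific commands

# H4 packet type -> (struct format of header, header size in bytes)
H4_LAYOUTS = {
    0x01: ("<HB", 3),  # command: opcode, parameter length
    0x02: ("<HH", 4),  # ACL data: handle/flags, data length
    0x03: ("<HB", 3),  # SCO data: handle/flags, data length
    0x04: ("<BB", 2),  # event: event code, parameter length
}

def split_opcode(opcode):
    """Split a 16-bit HCI opcode into (OGF, OCF): upper 6 bits, lower 10 bits."""
    return opcode >> 10, opcode & 0x03FF

def iter_h4_packets(stream):
    """Yield (packet_type, first_header_field, payload) for each H4 packet."""
    pos = 0
    while pos < len(stream):
        ptype = stream[pos]
        if ptype not in H4_LAYOUTS:
            raise ValueError(f"unknown H4 packet type 0x{ptype:02x} at offset {pos}")
        fmt, hsize = H4_LAYOUTS[ptype]
        if pos + 1 + hsize > len(stream):
            raise ValueError(f"truncated header at offset {pos}")
        first, length = struct.unpack_from(fmt, stream, pos + 1)
        start = pos + 1 + hsize
        if start + length > len(stream):
            raise ValueError(f"truncated payload at offset {pos}")
        yield ptype, first, stream[start:start + length]
        pos = start + length

def vendor_commands(stream):
    """Return one record per HCI command whose OGF is the vendor-specific group."""
    findings = []
    for ptype, first, payload in iter_h4_packets(stream):
        if ptype != 0x01:
            continue  # only host-to-controller commands carry opcodes
        ogf, ocf = split_opcode(first)
        if ogf == VENDOR_OGF:
            findings.append({"opcode": first, "ocf": ocf, "param_len": len(payload)})
    return findings

# Constructed trace: HCI_Reset, its Command Complete event, a placeholder
# vendor-specific command (OCF 0x123), an ACL packet, LE Set Scan Enable.
SAMPLE = bytes.fromhex("01030c00" "040e0401030c00" "0123fd02aabb"
                       "0240000300010203" "010c20020100")

if __name__ == "__main__":
    for hit in vendor_commands(SAMPLE):
        print(f"vendor-specific command 0x{hit['opcode']:04x} "
              f"(OCF 0x{hit['ocf']:03x}, {hit['param_len']} parameter bytes)")
```

Anything this reports was issued by software on the host side of the HCI link, which is the distinction the comment above draws between local firmware access and reachability from the wireless side.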