this post was submitted on 10 Mar 2025
Privacy

cross-posted from: https://programming.dev/post/26664400

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake. The issue is now tracked under CVE-2025-27840.
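The post describes vendor-specific HCI commands that live in opcode group 0x3F. As an added example (not code from the post, from Tarlogic or from Espressif), here is a small parser that walks a raw H4 HCI byte stream and flags every command in that group, which is the first thing a reviewer would do when checking what a host actually sends to a Bluetooth controller. The H4 framing and the Command Complete event are standard; the sample stream and the OCF 0x001 in it are constructed placeholders, not the ESP32 commands.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

# HCI opcodes are 16 bits: OGF (opcode group) in the top 6, OCF in the low 10 bits.
# OGF 0x3F is the vendor-specific group the post refers to as "Opcode 0x3F".
OGF_VENDOR_SPECIFIC = 0x3F
H4_COMMAND, H4_EVENT = 0x01, 0x04  # UART (H4) packet type indicators

def split_opcode(opcode: int) -> Tuple[int, int]:
    """Return (OGF, OCF) for a 16-bit HCI command opcode."""
    return opcode >> 10, opcode & 0x03FF

@dataclass
class HciCommand:
    ogf: int
    ocf: int
    params: bytes

    @property
    def vendor_specific(self) -> bool:
        return self.ogf == OGF_VENDOR_SPECIFIC

def parse_h4_commands(stream: bytes) -> List[HciCommand]:
    """Return the HCI command packets in a raw H4 stream; event packets are skipped."""
    cmds, pos = [], 0
    while pos < len(stream):
        kind = stream[pos]
        if kind == H4_COMMAND:  # 0x01, opcode (LE16), parameter length, parameters
            opcode, plen = struct.unpack_from("<HB", stream, pos + 1)
            params = stream[pos + 4 : pos + 4 + plen]
            if len(params) != plen:
                raise ValueError(f"truncated command at offset {pos}")
            cmds.append(HciCommand(*split_opcode(opcode), params))
            pos += 4 + plen
        elif kind == H4_EVENT:  # 0x04, event code, parameter length, parameters
            pos += 3 + stream[pos + 2]
        else:
            raise ValueError(f"unsupported H4 packet type 0x{kind:02x} at offset {pos}")
    return cmds

def vendor_specific_commands(stream: bytes) -> List[HciCommand]:
    """OGF 0x3F commands: the ones to check against the vendor's documentation."""
    return [c for c in parse_h4_commands(stream) if c.vendor_specific]

# Constructed sample, not a real capture: HCI_Reset (0x0C03), its Command Complete event,
# then a vendor-specific command with placeholder OCF 0x001 and two parameter bytes.
SAMPLE_STREAM = bytes.fromhex("01 03 0C 00  04 0E 04 01 03 0C 00  01 01 FC 02 AA BB")
```

Pointing the parser at a real HCI log (for example a btsnoop capture converted to H4 bytes) gives a list of every vendor command issued, which can then be compared with what the vendor documents.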

top 6 comments
[–] KickMeElmo@sopuli.xyz 16 points 19 hours ago (1 children)

Seems more like a feature considering how ESP32s are used.

[–] j4k3@lemmy.world 9 points 19 hours ago (1 children)

They are in a lot of IoT devices that are not hobby and dev related too. Like my folks' smoker grill has one that is also on a ridiculous AWS connection and designed to try and stay on 24/7 like proper stalkerware nonsense.

[–] sh3llcmdr@feddit.uk 19 points 18 hours ago

https://darkmentor.com/blog/esp32_non-backdoor/

There are a number of explanations for those Opcodes. Seems like quite a few knowledgeable peeps are wading in to explain what they think the researchers are seeing. The most open peer review ever!!

[–] jjagaimo@sh.itjust.works 12 points 17 hours ago* (last edited 17 hours ago)

Not a backdoor, just undocumented commands on the HCI. You would already need access to the device from the microcontroller side to leverage them. Also it's not uncommon for older devices like this to have undocumented commands.

[–] HappyFrog@lemmy.blahaj.zone 3 points 15 hours ago

I don't see a spooky name and a logo; this is a dud.

[–] BOFH666@lemmy.world 3 points 7 hours ago