this post was submitted on 08 Mar 2025
40 points (93.5% liked)

Technology

2094 readers
153 users here now

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.

Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 1 year ago
MODERATORS
BrikoX@lemmy.zip
40
Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices. (www.tarlogic.com)
submitted 1 day ago* (last edited 6 hours ago) by Tea@programming.dev to c/technology@lemmy.zip
4 comments fedilink hide all child comments
 

Source Link Privacy.Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 "backdoor" that wasn't.

you are viewing a single comment's thread
view the rest of the comments
[–] notanapple@lemm.ee 3 points 21 hours ago* (last edited 21 hours ago) (2 children)

I saw a comment somewhere that to exploit this a person has to be physically in the area (i think it was in a radius of few meters iirc). Thats not much better i guess since its not hard to be around random iot devices but it at least prevents mass attacks (if true).

[–] rumba@lemmy.zip 2 points 6 hours ago

Sounds like the attack is Bluetooth based itself.

So if somebody has command and control over any IoT device with Bluetooth....

[–] MrTolkinghoen@lemmy.zip 6 points 19 hours ago

I really haven't seen any details. Most comments I've read indicate they think you already have to have access to the device and that this is just undocumented opcode calls. I.e. not a remote Bluetooth stack issue or remotely exploitable.

Given an opcode, as noted in the article (vague on details) and yes, I did read it. This doesn't give me much cause for alarm.