this post was submitted on 08 Mar 2025
89 points (92.4% liked)

cybersecurity

3731 readers
135 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 2 years ago
MODERATORS
shellsharks@infosec.pub
tweedge@infosec.pub
89
Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices. (www.tarlogic.com)
submitted 23 hours ago* (last edited 4 hours ago) by Tea@programming.dev to c/cybersecurity@infosec.pub
10 comments fedilink hide all child comments
 

Source Link Privacy.Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 "backdoor" that wasn't.

top 10 comments
sorted by: hot top controversial new old
[–] vane@lemmy.world 4 points 6 hours ago

Since when HCI is backdoor ? Someone doesn't understand how bluetooth works. HCI allows for vendor extensions by design. https://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-54/out/en/host-controller-interface/host-controller-interface-functional-specification.html

[–] kolorafa@lemmy.world 1 points 5 hours ago

https://lemmy.world/post/26559432

[–] The_Decryptor@aussie.zone 15 points 18 hours ago* (last edited 18 hours ago)

Tarlogic has detected that ESP32 chips, which allow connectivity via WiFi or Bluetooth, have hidden commands not documented by the manufacturer. These commands would allow modifying the chips arbitrarily to unlock additional functionalities, infecting these chips with malicious code, and even carrying out attacks of identity theft of devices.

It's not a backdoor, it's a jailbreak. Sounds like they left the debug functionality enabled but just undocumented.

Edit: They're undocumented HCI commands, that's the protocol the host (aka CPU) uses to talk to the chip, not a remote device.

[–] Treczoks@lemmy.world 10 points 21 hours ago (1 children)

That is a big one. IoT lives off ESP32.

[–] tokudan@chaos.social 3 points 20 hours ago* (last edited 20 hours ago)

@Treczoks @Tea looks like a whole lot of nothing.
the description mentions that they are using the ESP32 as a tool using undocumented features when you are already able to program it.
They are not hacking the ESP32 from the outside.

[–] gibmiser@lemmy.world 5 points 22 hours ago (1 children)

[–] MajorHavoc@programming.dev 2 points 7 hours ago

Yeah. We found the thing we were pretty sure was there!

Though, if it's really just local debug commands, then the usual "malice vs stupidity" debate is still up for grabs.

[–] sin_free_for_00_days@sopuli.xyz 4 points 21 hours ago

And then there is trump, the illegitimate president, Russian stooge, trying to repeal the CHIPS act.

[–] taaz@biglemmowski.win 3 points 21 hours ago* (last edited 21 hours ago)

Here is hoping this will at least make it easier to take back control of tuya devices

[–] unabart@sh.itjust.works 1 points 20 hours ago

Well, at least nobody uses that tech. /s