this post was submitted on 08 Mar 2025
268 points (93.5% liked)

Technology

64937 readers
3971 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
268
Undocumented "backdoor" found in Bluetooth chip used by a billion devices (www.bleepingcomputer.com)
submitted 1 day ago by excel24@feddit.org to c/technology@lemmy.world
19 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 27 points 1 day ago (1 children)

Armed with this new tool, which enables raw access to Bluetooth traffic, Targolic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.

I'd kind of like to know whether these can be used against an unpaired device or not. That'd seem to have a pretty dramatic impact on the scope of the vulnerability.

[–] CosmicCleric@lemmy.world 1 points 1 day ago* (last edited 1 day ago) (1 children)

From the article ...

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023

From the person I'm replying to ...

I’d kind of like to know whether these can be used against an unpaired device or not. That’d seem to have a pretty dramatic impact on the scope of the vulnerability.

Don't see how that would matter much. The "scope of the vulnerability" is sufficiently large enough that it should not be partially or otherwise discredited as a risk.

If someone owns a Bluetooth device, then its fair to think that at some point they'd actually use it, being vulnerable to the backdoor access. That's billions of uses right there, on a regular basis.

From the article ...

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

~This~ ~comment~ ~is~ ~licensed~ ~under~ ~CC~ ~BY-NC-SA~ ~4.0~

[–] rezifon@lemmy.world 2 points 1 day ago

It’s a reasonable question. There are countless devices using esp32 chips which do not use the Bluetooth parts of the chip at all.