this post was submitted on 08 Mar 2025
268 points (93.5% liked)

Technology

64937 readers
3971 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
268
Undocumented "backdoor" found in Bluetooth chip used by a billion devices (www.bleepingcomputer.com)
submitted 1 day ago by excel24@feddit.org to c/technology@lemmy.world
19 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Buelldozer@lemmy.today 0 points 1 day ago (1 children)

How many consumer devices do you think have this exact bluetooth chip?

Hundreds of millions. They're used in an almost uncountable number of IoT devices. It's entirely possible that there's a handful of 'em, or more, in your house. Absolutely anything "smart" that uses WiFi or Bluetooth could have one including sprinkler controllers, door locks, lightbulbs, appliances both large and small, garage door openers, and remote controlled power plugs.

Espressif has sold a huge number of ESP32 chips. This isn't some uncommon no-name manufacturer or chip. It's used at scale and has been for years.

That you aren't personally aware of it only means that you have a blind spot.

[–] Xanza@lemm.ee 4 points 1 day ago

Hundreds of millions. They’re used in an almost uncountable number of IoT devices.

It's only this specific chip that is affected. It's not all bluetooth chips. The article doesn't even specify which of their tens of chips is affected; ESP32-D0WD-V3, ESP32-D0WDR2-V3, ESP32-U4WDH, ESP32-PICO-V3, ESP32-PICO-V3-02, or the ESP32-PICO-D4.

Even if it were all of them, and even if it were hundreds of millions of devices it would still pale in comparison to HeartBleed in all aspects. It's an interesting but sophisticated attack vector which severely limits its usage. But lets say you execute a MITM attack from one of these ESP32 chips. What are you feasibly able to do? A MITM attack? Considering these are all low power devices its extremely unlikely that they would be able to output enough power to overtake your home AP. Without doing more research on it, the actual attack surface is opaque. I mean, I guess a guy in China can remotely turn on your sprinklers or get your WiFi password... Lot of good that's gonna do him from China.