| From | Salvador Mirzo <smirzo@example.com> |
|---|---|
| Newsgroups | comp.misc |
| Subject | Re: undocumented backdoor found in ESP32 |
| Date | 2025-03-10 03:30 -0300 |
| Organization | A noiseless patient Spider |
| Message-ID | <87plip4cur.fsf@example.com> (permalink) |
| References | <87ldtf9hmw.fsf@example.com> <vqkcla$q1ta$1@dont-email.me> <67ce09c2@news.ausics.net> |
not@telling.you.invalid (Computer Nerd Kev) writes:

> John McCue <jmccue@qball.jmcunx.com> wrote:
>> In comp.misc Salvador Mirzo <smirzo@example.com> wrote:
>>> Undocumented "backdoor" found in Bluetooth chip used by a billion devices
>>> Bill Toulas March 8, 2025 11:12 AM
>>>
>>> The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif
>>> and used by over 1 billion units as of 2023 contains an undocumented
>>> "backdoor" that could be leveraged for attacks.
>>
>> Looks like there is more than meets the eye:
>>
>> This refutes the claim that researchers found a "backdoor"
>> https://darkmentor.com/blog/esp32_non-backdoor/
>
> Yes it's an odd definition of backdoor where the attacker must
> already have full control over the device via the HCI commands
> which are how bluetooth controllers are controlled by a host
> system. The "backdoor" is that the host system can give the
> bluetooth controller some extra debugging commands, but security
> over the device's behavior has already been lost by the time an
> attacker is able to send standard HCI commands anyway.

Thanks for this explanation. Apologies if I bought into misinformation here. Nevertheless, I think the report is healthy---the very post at darkmentor.com answers ``it depends'' when they ask whether it's a security vulnerability. I think the healthiest thing from hardware vendors is to document *everything*, although they have the right to reserve whatever they want for future changes, say. (Even if this doesn't work well in practice for the hardware vendors themselves; my perspective here is merely security.)

> Also the "C-based USB Bluetooth driver" by Tarlogic, which sounds
> like a cross-platform equivalent for what you can do on Linux with
> Wireshark, is beside the point because they found the undocumented
> HCI commands by reverse engineering the ESP32 ROM downloaded from
> GitHub, not by looking at USB communications. That seems to be just
> an ad for their product.

It could be. Well observed.

> This does demonstrate the case for open-source firmware on such
> devices as Bluetooth controllers, which would allow these details
> to be discovered without someone needing an incentive to invest in
> reverse-engineering the binary ROMs. It's a better ad for
> open-source firmware than for Tarlogic's USB Bluetooth driver.
> Except that nobody(?) does open-source Bluetooth controller
> firmwares to begin with.

Totally agreed.
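
Added example, not part of the original post: the thread's point is that these are commands the host sends to the controller over HCI, so a defender can audit a capture of that traffic and list every command in the vendor-specific opcode group (OGF 0x3F in the Bluetooth Core specification). The sketch assumes H4 (UART) framing; the sample bytes and the vendor opcode in them are constructed for illustration and are not ESP32 commands.

```python
import struct

# H4 (UART) packet indicator -> struct layout of the header that follows it.
# The last header field is always the payload length.
HEADERS = {
    0x01: "<HB",  # command: opcode (LE16), parameter length (u8)
    0x02: "<HH",  # ACL data: handle+flags (LE16), length (LE16)
    0x03: "<HB",  # SCO data: handle+flags (LE16), length (u8)
    0x04: "<BB",  # event: event code (u8), parameter length (u8)
}
VENDOR_OGF = 0x3F  # OGF reserved by the Bluetooth Core spec for vendor-specific commands


def hci_commands(stream: bytes):
    """Yield (ogf, ocf, params) for every HCI command in an H4 byte stream."""
    pos = 0
    while pos < len(stream):
        ptype = stream[pos]
        if ptype not in HEADERS:
            raise ValueError(f"unknown H4 packet type 0x{ptype:02x} at offset {pos}")
        fmt = HEADERS[ptype]
        start = pos + 1 + struct.calcsize(fmt)
        if start > len(stream):
            raise ValueError(f"truncated header at offset {pos}")
        first, length = struct.unpack_from(fmt, stream, pos + 1)
        end = start + length
        if end > len(stream):
            raise ValueError(f"truncated payload at offset {pos}")
        if ptype == 0x01:
            # Opcode = 6-bit OGF (group) in the top bits, 10-bit OCF below it.
            yield first >> 10, first & 0x3FF, stream[start:end]
        pos = end


def vendor_commands(stream: bytes):
    """Return (ocf, params) for commands in the vendor-specific group."""
    return [(ocf, p) for ogf, ocf, p in hci_commands(stream) if ogf == VENDOR_OGF]


# Constructed sample capture (host <-> controller), not taken from a real device.
SAMPLE = bytes.fromhex(
    "01030c00"        # HCI_Reset (OGF 0x03, OCF 0x003)
    "040e0401030c00"  # Command Complete event for the reset
    "01abff02aabb"    # constructed vendor-range command: OGF 0x3F, OCF 0x3AB
    "01091000"        # HCI_Read_BD_ADDR (OGF 0x04, OCF 0x009)
)

if __name__ == "__main__":
    for ocf, params in vendor_commands(SAMPLE):
        print(f"vendor-specific command OCF=0x{ocf:03x} params={params.hex()}")
```

Which vendor-specific commands are expected depends on the controller and its driver, so the output is a list to compare against the vendor's documentation rather than a verdict.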
undocumented backdoor found in ESP32 Salvador Mirzo <smirzo@example.com> - 2025-03-08 21:23 -0300
Re: undocumented backdoor found in ESP32 John McCue <jmccue@qball.jmcunx.com> - 2025-03-09 15:38 +0000
Re: undocumented backdoor found in ESP32 not@telling.you.invalid (Computer Nerd Kev) - 2025-03-10 07:36 +1000
Re: undocumented backdoor found in ESP32 Salvador Mirzo <smirzo@example.com> - 2025-03-10 03:30 -0300
Re: undocumented backdoor found in ESP32 D <nospam@example.net> - 2025-03-09 22:37 +0100