


ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices

Started by: TimS <tim@streater.me.uk>
First post: 2025-03-09 21:44 +0000
Last post: 2025-03-10 18:01 +0000
Articles 5 — 4 participants



Contents

  ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:44 +0000
    Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:50 +0000
      Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Jörg Lorenz <hugybear@gmx.net> - 2025-03-10 12:05 +0100
    Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Theo <theom+news@chiark.greenend.org.uk> - 2025-03-10 13:27 +0000
      Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Chris Ridd <chrisridd@mac.com> - 2025-03-10 18:01 +0000

#180625 — ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices

From: TimS <tim@streater.me.uk>
Date: 2025-03-09 21:44 +0000
Subject: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices
Message-ID: <m36ge9Fife6U1@mid.individual.net>

<font color="#000000">For those who program with electronics on IoT (internet
of things) devices, the ESP32 has 29 undocumented commands that could be used
as a ‘backdoor’.</font>
<font color="#000000"></font>
<font color="#000000">Below is the article that provides more details.</font>

<font
color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented-
commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
<font color="#000000"></font>
<font color="#000000">Where are our Macs made these days?</font>

-- 
Tim



#180626

From: TimS <tim@streater.me.uk>
Date: 2025-03-09 21:50 +0000
Message-ID: <m36gooFigtsU1@mid.individual.net>
In reply to: #180625

On 9 Mar 2025 at 21:44:41 GMT, "TimS" <tim@streater.me.uk> wrote:

> <font color="#000000">For those who program with electronics on IoT (internet
> of things) devices, the ESP32 has 29 undocumented commands that could be used
> as a ‘backdoor’.</font>
> <font color="#000000"></font>
> <font color="#000000">Below is the article that provides more details.</font>
> 
> <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum
> ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
> <font color="#000000"></font>
> <font color="#000000">Where are our Macs made these days?</font>

This business of Usenapp sticking all this markup in seems to be triggered by
pasting stuff into a new post, only to find that it's got mixed up with the
sig and is all the same pale grey as the sig - and then trying to fix that up.
It looks OK when posted but is received as the above.

-- 
Tim



#180630

From: Jörg Lorenz <hugybear@gmx.net>
Date: 2025-03-10 12:05 +0100
Message-ID: <vqmh15$19vj3$1@solani.org>
In reply to: #180626

On 09.03.25 22:50, TimS wrote:
> On 9 Mar 2025 at 21:44:41 GMT, "TimS" <tim@streater.me.uk> wrote:
> 
>> <font color="#000000">For those who program with electronics on IoT (internet
>> of things) devices, the ESP32 has 29 undocumented commands that could be used
>> as a ‘backdoor’.</font>
>> <font color="#000000"></font>
>> <font color="#000000">Below is the article that provides more details.</font>
>>
>> <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum
>> ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
>> <font color="#000000"></font>
>> <font color="#000000">Where are our Macs made these days?</font>
> 
> This business of Usenapp sticking all this markup in seems to be triggered by
> pasting stuff into a new post, only to find that it's got mixed up with the
> sig and is all the same pale grey as the sig - and then trying to fix that up.
> It looks OK when posted but is received as the above.

They are more or less harmless. They cannot be accessed OTA as far as I 
understand the issue.


-- 
"Gutta cavat lapidem." (Ovid)



#180635

From: Theo <theom+news@chiark.greenend.org.uk>
Date: 2025-03-10 13:27 +0000
Message-ID: <bSr*XO78z@news.chiark.greenend.org.uk>
In reply to: #180625

TimS <tim@streater.me.uk> wrote:
> <font color="#000000">For those who program with electronics on IoT (internet
> of things) devices, the ESP32 has 29 undocumented commands that could be used
> as a ‘backdoor’.</font>
> <font color="#000000"></font>
> <font color="#000000">Below is the article that provides more details.</font>
> 
> <font
> color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented-
> commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
> <font color="#000000"></font>
> <font color="#000000">Where are our Macs made these days?</font>

It's not a backdoor:
https://darkmentor.com/blog/esp32_non-backdoor/

It's some undocumented commands (which aren't uncommon) on an interface used
when you already control the device.  ie it's not a backdoor, it's more like
a hidden panel inside your house to access some pipes you could
already access by other means, and are never accessible from outside.

Theo



#180637

From: Chris Ridd <chrisridd@mac.com>
Date: 2025-03-10 18:01 +0000
Message-ID: <vqn9cs$1fj67$1@dont-email.me>
In reply to: #180635

On 10/03/2025 13:27, Theo wrote:
> TimS <tim@streater.me.uk> wrote:
>> <font color="#000000">For those who program with electronics on IoT (internet
>> of things) devices, the ESP32 has 29 undocumented commands that could be used
>> as a ‘backdoor’.</font>
>> <font color="#000000"></font>
>> <font color="#000000">Below is the article that provides more details.</font>
>>
>> <font
>> color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented-
>> commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
>> <font color="#000000"></font>
>> <font color="#000000">Where are our Macs made these days?</font>
> 
> It's not a backdoor:
> https://darkmentor.com/blog/esp32_non-backdoor/
> 
> It's some undocumented commands (which aren't uncommon) on an interface used
> when you already control the device.  ie it's not a backdoor, it's more like
> a hidden panel inside your house to access some pipes you could
> already access by other means, and are never accessible from outside.

I saw an analogy of telling your Ethernet card to change its MAC 
address, or send some funky packet over the wire.

Seriously, whoever called this a "backdoor" should be taken out an 
actual backdoor and shot. The guys who figured this out seem good, the 
marketing folks (or whoever) in their company are very bad.

-- 
Chris


