Groups > uk.comp.sys.mac > #180625 > unrolled thread
| Started by | TimS <tim@streater.me.uk> |
|---|---|
| First post | 2025-03-09 21:44 +0000 |
| Last post | 2025-03-10 18:01 +0000 |
| Articles | 5 — 4 participants |
ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:44 +0000
Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:50 +0000
Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Jörg Lorenz <hugybear@gmx.net> - 2025-03-10 12:05 +0100
Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Theo <theom+news@chiark.greenend.org.uk> - 2025-03-10 13:27 +0000
Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Chris Ridd <chrisridd@mac.com> - 2025-03-10 18:01 +0000
| From | TimS <tim@streater.me.uk> |
|---|---|
| Date | 2025-03-09 21:44 +0000 |
| Subject | ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices |
| Message-ID | <m36ge9Fife6U1@mid.individual.net> |
For those who program with electronics on IoT (internet of things) devices, the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.

Below is the article that provides more details.

<https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/>

Where are our Macs made these days?

--
Tim
| From | TimS <tim@streater.me.uk> |
|---|---|
| Date | 2025-03-09 21:50 +0000 |
| Message-ID | <m36gooFigtsU1@mid.individual.net> |
| In reply to | #180625 |
On 9 Mar 2025 at 21:44:41 GMT, "TimS" <tim@streater.me.uk> wrote:

> <font color="#000000">For those who program with electronics on IoT (internet
> of things) devices, the ESP32 has 29 undocumented commands that could be used
> as a ‘backdoor’.</font>
> <font color="#000000"></font>
> <font color="#000000">Below is the article that provides more details.</font>
>
> <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum
> ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
> <font color="#000000"></font>
> <font color="#000000">Where are our Macs made these days?</font>

This business of Usenapp sticking all this markup in seems to be triggered by pasting stuff into a new post, only to find that it's got mixed up with the sig and is all the same pale grey as the sig - and then trying to fix that up. It looks OK when posted but is received as the above.

--
Tim
| From | Jörg Lorenz <hugybear@gmx.net> |
|---|---|
| Date | 2025-03-10 12:05 +0100 |
| Message-ID | <vqmh15$19vj3$1@solani.org> |
| In reply to | #180626 |
On 09.03.25 22:50, TimS wrote:

> On 9 Mar 2025 at 21:44:41 GMT, "TimS" <tim@streater.me.uk> wrote:
>
>> <font color="#000000">For those who program with electronics on IoT (internet
>> of things) devices, the ESP32 has 29 undocumented commands that could be used
>> as a ‘backdoor’.</font>
>> <font color="#000000"></font>
>> <font color="#000000">Below is the article that provides more details.</font>
>>
>> <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum
>> ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
>> <font color="#000000"></font>
>> <font color="#000000">Where are our Macs made these days?</font>
>
> This business of Usenapp sticking all this markup in seems to be triggered by
> pasting stuff into a new post, only to find that it's got mixed up with the
> sig and is all the same pale grey as the sig - and then trying to fix that up.
> It looks OK when posted but is received as the above.

They are more or less harmless. They cannot be accessed OTA as far as I understand the issue.

--
"Gutta cavat lapidem." (Ovid)
| From | Theo <theom+news@chiark.greenend.org.uk> |
|---|---|
| Date | 2025-03-10 13:27 +0000 |
| Message-ID | <bSr*XO78z@news.chiark.greenend.org.uk> |
| In reply to | #180625 |
TimS <tim@streater.me.uk> wrote:

> For those who program with electronics on IoT (internet of things) devices,
> the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.
>
> Below is the article that provides more details.
>
> <https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/>
>
> Where are our Macs made these days?

It's not a backdoor:
https://darkmentor.com/blog/esp32_non-backdoor/

It's some undocumented commands (which aren't uncommon) on an interface used when you already control the device. ie it's not a backdoor, it's more like a hidden panel inside your house to access some pipes you could already access by other means, and are never accessible from outside.

Theo
| From | Chris Ridd <chrisridd@mac.com> |
|---|---|
| Date | 2025-03-10 18:01 +0000 |
| Message-ID | <vqn9cs$1fj67$1@dont-email.me> |
| In reply to | #180635 |
On 10/03/2025 13:27, Theo wrote:

> TimS <tim@streater.me.uk> wrote:
>> For those who program with electronics on IoT (internet of things) devices,
>> the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.
>>
>> Below is the article that provides more details.
>>
>> <https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/>
>>
>> Where are our Macs made these days?
>
> It's not a backdoor:
> https://darkmentor.com/blog/esp32_non-backdoor/
>
> It's some undocumented commands (which aren't uncommon) on an interface used
> when you already control the device. ie it's not a backdoor, it's more like
> a hidden panel inside your house to access some pipes you could
> already access by other means, and are never accessible from outside.

I saw an analogy of telling your Ethernet card to change its MAC address, or send some funky packet over the wire.

Seriously, whoever called this a "backdoor" should be taken out an actual backdoor and shot. The guys who figured this out seem good, the marketing folks (or whoever) in their company are very bad.

--
Chris