
Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices

From Chris Ridd <chrisridd@mac.com>
Newsgroups uk.comp.sys.mac
Subject Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices
Date 2025-03-10 18:01 +0000
Organization A noiseless patient Spider
Message-ID <vqn9cs$1fj67$1@dont-email.me> (permalink)
References <m36ge9Fife6U1@mid.individual.net> <bSr*XO78z@news.chiark.greenend.org.uk>


On 10/03/2025 13:27, Theo wrote:
> TimS <tim@streater.me.uk> wrote:
>> For those who program with electronics on IoT (internet
>> of things) devices, the ESP32 has 29 undocumented commands that could be used
>> as a ‘backdoor’.
>>
>> Below is the article that provides more details.
>>
>> <https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/>
>>
>> Where are our Macs made these days?
> 
> It's not a backdoor:
> https://darkmentor.com/blog/esp32_non-backdoor/
> 
> It's some undocumented commands (which aren't uncommon) on an interface used
> when you already control the device.  i.e. it's not a backdoor, it's more like
> a hidden panel inside your house to access some pipes you could
> already access by other means, and are never accessible from outside.

I saw an analogy of telling your Ethernet card to change its MAC 
address, or send some funky packet over the wire.

Seriously, whoever called this a "backdoor" should be taken out an 
actual backdoor and shot. The guys who figured this out seem good, the 
marketing folks (or whoever) in their company are very bad.

-- 
Chris



Thread

ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:44 +0000
  Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices TimS <tim@streater.me.uk> - 2025-03-09 21:50 +0000
    Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Jörg Lorenz <hugybear@gmx.net> - 2025-03-10 12:05 +0100
  Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Theo <theom+news@chiark.greenend.org.uk> - 2025-03-10 13:27 +0000
    Re: ESP32 - Undocumented commands found in Bluetooth chip used by a billion devices Chris Ridd <chrisridd@mac.com> - 2025-03-10 18:01 +0000
