Scattered Clouds
clouds

18 April 2024

Amman

Thursday

71.6 F

22°

Home / Gotcha

Undocumented commands found in Bluetooth chip used by a billion devices

13-03-2025 01:54 PM


Ammon News - After receiving concerns about the use of the term 'backdoor' to refer to these undocumented commands, we have updated our title and story. Our original story can be found here.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk is significant. Bleeping computer




No comments

Notice
All comments are reviewed and posted only if approved.
Ammon News reserves the right to delete any comment at any time, and for any reason, and will not publish any comment containing offense or deviating from the subject at hand, or to include the names of any personalities or to stir up sectarian, sectarian or racial strife, hoping to adhere to a high level of the comments as they express The extent of the progress and culture of Ammon News' visitors, noting that the comments are expressed only by the owners.
name : *
email
show email
comment : *
Verification code : Refresh
write code :