Technology @lemmy.world Tea @programming.dev 1d ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

Source Link Privacy.

Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 "backdoor" that wasn't.

174

cybersecurity @infosec.pub Tea @programming.dev 1d ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

86 10

Technology @lemmy.zip Tea @programming.dev 1d ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

38 4

Hacker News @lemmy.bestiver.se RSS Bot @lemmy.bestiver.se

BOT

1d ago

Backdoor detected in ESP32 Espressif IoT chip

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

6 0

You're viewing a single thread.

174 comments

The Chinese adding back doors into their software/hardware.

Say it ain't so!
- It ain't so.
  
  To use the "backdoor" an attacker needs to have full access to the esp32 powered device already.
  
  It's like claiming that being able to leave your desk without locking your PC is a backdoor in your OS.
  
  Yes, this is about undocumented instructions found in the silicon but they are not executable unless the ESP32's firmware uses them. Firmware cannot be edited to use them unless you have an existing vulnerability such as physical access or insecure OTA in existing firmware (as far as researchers know).
  
  It is good to question the "backdoor" allegations - maybe the instructions' microcode was buggy and they didn't want to release it.
- Say it ain't so
  Your bug is a heartbleeder
  Say it ain't so
  My NIC is a bytetaker
- tech backdoors are only okay when us good guys require em
  
  How about all tech backdoors are bad and we should aim to use and make software and hardware that is ethically produced and usable without selling out your privacy and security?
  
  China ain't our friend but neither is our own regime, I don't get the normies only caring about privacy and security when chinaman do the thing
  
  Then they tuck their dicks because they got nothing to hide when domestic spook is doing the same
  
  pathetic and intellectually disingenuous
  
  Where did anyone say anything remotely like that?
  
  I think it's sarcasm mate.
  
  I wouldnt be so sure about that. I've heard people say stuff that was mindbogglingly dumber than that, completely seriously.
  
  it was in fact sarcasm
  
  thats what /s is for.
- Like a PRISM for China, is every powerful country just backdooring each other?
  
  Thats hot.

174 comments