this post was submitted on 09 Mar 2025
45 points (85.7% liked)

homeassistant

13239 readers
288 users here now

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

founded 2 years ago
MODERATORS
[email protected]
greatalbatross
45
Undocumented "backdoor" found in Bluetooth chip used by a billion devices [ESP32] (www.bleepingcomputer.com)
submitted 3 days ago by [email protected] to c/homeassistant
7 comments fedilink hide all child comments
 

cross-posted from: https://sopuli.xyz/post/23587111

Archive: https://archive.is/2025.03.08-191658/https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 27 points 3 days ago* (last edited 3 days ago)

I don't think is is a backdoor. At the moment I wouldn't consider this article any more than FUD.

It's unclear to me if the security company has actually said what the vuln is or not, but if it's what was presented in the slides linked in the article this is at worst something that can be "attacked" from a computer connected via USB (and I'm pretty sure it would also require special software already on the ESP32), where the attack is sending out possibly invalid bluetooth messages to try to attack other devices or flashing new firmware to the ESP itself. It's not a general "backdoor" in the ESP32 itself. At least that's the best interpretation I've been able to make. Happy to be corrected if anyone finds more info.