Is ESP32 really safe for securing #Bitcoin?

Undocumented commands in the ESP32 Bluetooth chip have recently raised security concerns, adding to existing risks. 🚨

nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs6amnwvaz7tmwdaejumr0ds4nye4r , nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uq3wamnwvaz7tmjwdekccte9ehx7um5wghxuet59uus59ze , and nostr:nprofile1qqswlwjv80p52kxjplc2gv7asxs0hnsvxu6d0dte6mgzpkrznw7uk7gpz3mhxue69uhhyetvv9ujuerpd46hxtnfduer488l sound the alarm in BR093.

https://m.primal.net/PkMG.mov


Discussion

FUD! If you can get into BLE range, you are also in hot lead range, FYI!

Go read the spec.

This happens to be a nothingburger. These are undocumented HCI commands in the BLE API, which means that you can do some previously undocumented stuff with the ESP32 if you already have access to run your own code on it to begin with.

That said, any chip with ROM code or "binary blobs" that are needed at runtime to interact with the hardware is problematic. For a microcontroller this is not as common yet, but unfortunately more complex SoCs that can run Linux almost always have some sort of secret binary blob nowadays.

It's very easy to bypass the secure boot on ESP32.

Oh, that might be. I am not claiming the ESP32 is a good choice for security. But I suppose you need physical access for that.

If we talk about hardware wallets, physical access will almost always mean game over if the attacker is sophisticated enough.