Backdoor found in ESP32 chips that allow arbitrary memory access and more remotely via Bluetooth

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/


Discussion

yikes

Bye bye blockstream Jade

While things like Bluetooth or USB are typically safe, still better to avoid them. That's why I use my Jade in stateless mode, no BT version of the firmware, and via QR.

Stateless Jade is the wtg if you can't build a SeedSigner

True. I forgot about stateless

Safest way for sure

Do you have to flash with special firmware to disable BT completely?

Blockstream Jade now not safe?

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake.

Lol

Wild times we livin in

"The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant."

nostr:nevent1qqsyrgqa44ehrz0xxk6xd4vnpxc6knvqksfyjw3p2pjytkeg2edk65cpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30grqsqqqqqph4zkjd

Who else uses that chip?

Everyone.

Backdoor found in ESP32 chips that allow arbitrary memory access and more remotely via Bluetooth

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/

This has "intelligence" agency written all over it, and given the 2014 WikiLeaks revelations, guaranteed to be supply chain attacked into most consumer products.

It can be safely assumed that most proprietary chips have backdoors used by terrorist "intelligence" agencies such as the NSA and CIA, this one just happened to be discovered.

nostr:nevent1qqsyrgqa44ehrz0xxk6xd4vnpxc6knvqksfyjw3p2pjytkeg2edk65cprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3q2262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7sxpqqqqqqzuwqy6g