Replying to Avatar yope

This happens to be a nothingburger. These are undocumented HCI commands in the BLE api. Which means that you can do some previously undocumented stuff with the ESP32 if you already have access to run your own code on it to begin.

That said, any chip with ROM code or "binary blobs" that are needed runtime to interact with the hardware are problematic. For a microcontroller this is not as common yet, but unfortunately more complex SoCs that can run Linux almost always have some sort of secret binary blob nowadays.
Avatar
DETERMINISTIC OPTIMISM 🌞 9mo ago

It's very easy to bypass the secure boot on ESP32

Reply to this note

Please Login to reply.

Discussion

Avatar
yope 9mo ago

Oh, that might be. I am not claiming the ESP32 is good choice for security. But I suppose you need physical access for that.

If we talk about hardware wallets, physical access will almost always mean game over if the attacker is sophisticated enough.