This happens to be a nothingburger. These are undocumented HCI commands in the BLE API, which means that you can do some previously undocumented stuff with the ESP32 if you already have access to run your own code on it to begin with.

That said, any chip with ROM code or "binary blobs" that are needed at runtime to interact with the hardware is problematic. For a microcontroller this is not as common yet, but unfortunately more complex SoCs that can run Linux almost always have some sort of secret binary blob nowadays.

Discussion

It's very easy to bypass the secure boot on ESP32

Oh, that might be. I am not claiming the ESP32 is a good choice for security. But I suppose you need physical access for that.

If we talk about hardware wallets, physical access will almost always mean game over if the attacker is sophisticated enough.