Undocumented "backdoor" found in Bluetooth chip used by a billion devices
www.bleepingcomputer.com
Onno (VK6FLAB)@lemmy.radio to Privacy@lemmy.ml · 1 month ago · 17 comments

azdle · 1 month ago
Maybe we can find out for sure through the magic of the fediverse…
@antoniovazquezblanco@mastodon.social Is the “backdoor” mentioned in https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ about what you shared in your RootedCON talk? If so, how worried should people using devices containing ESP32s be?

Feyr@lemmy.world · 1 month ago
None. People that have physical access to your device can write malicious firmware. Which they can already do with physical access.
It’s an overblown nothing-burger. Calling it a backdoor is a security researcher juicing up some minor finding.

Signatus@mastodon.social · 1 month ago
Hi @azdle! I would not classify it as a backdoor. See https://mastodon.social/@xenokovah@infosec.exchange/114132556066553022 for a rigorous analysis from a third party. Also interesting to see the official response to this at https://www.espressif.com/en/news/response/_esp32/_bluetooth.

azdle · 1 month ago
Thanks for the reply @antoniovazquezblanco@mastodon.social, good to have that confirmed.