1. Forum
  2. Usenet
  3. UK.COMP.SYS.MAC

  • ESP32 - Undocumented commands found in Bluetooth chip used by a billion

    From TimS@21:1/5 to All on Sun Mar 9 21:44:41 2025
    <font color="#000000">For those who program with electronics on IoT (internet of things) devices, the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.</font>
    <font color="#000000"></font>
    <font color="#000000">Below is the article that provides more details.</font>

    <font color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented- commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
    <font color="#000000"></font>
    <font color="#000000">Where are our Macs made these days?</font>

    --
    Tim

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From TimS@21:1/5 to TimS on Sun Mar 9 21:50:16 2025
    On 9 Mar 2025 at 21:44:41 GMT, "TimS" <[email protected]> wrote:

    <font color="#000000">For those who program with electronics on IoT (internet of things) devices, the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.</font>
    <font color="#000000"></font>
    <font color="#000000">Below is the article that provides more details.</font>

    <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font> <font color="#000000"></font>
    <font color="#000000">Where are our Macs made these days?</font>

    This business of Usenapp sticking all this markup in seems to be triggered by pasting stuff into a new post, only to find that it's got mixed up with the
    sig and is all the same pale grey as the sig - and then trying to fix that up. It looks OK when posted but is received as the above.

    --
    Tim

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?J=C3=B6rg_Lorenz?=@21:1/5 to TimS on Mon Mar 10 12:05:09 2025
    On 09.03.25 22:50, TimS wrote:
    On 9 Mar 2025 at 21:44:41 GMT, "TimS" <[email protected]> wrote:

    <font color="#000000">For those who program with electronics on IoT (internet
    of things) devices, the ESP32 has 29 undocumented commands that could be used
    as a ‘backdoor’.</font>
    <font color="#000000"></font>
    <font color="#000000">Below is the article that provides more details.</font>

    <fontcolor="#000000"><https://www.bleepingcomputer.com/news/security/undocum >> ented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
    <font color="#000000"></font>
    <font color="#000000">Where are our Macs made these days?</font>

    This business of Usenapp sticking all this markup in seems to be triggered by pasting stuff into a new post, only to find that it's got mixed up with the sig and is all the same pale grey as the sig - and then trying to fix that up.
    It looks OK when posted but is received as the above.

    They are more or less harmless. They cannot be accessed OTA as far as I understand the issue.


    --
    "Gutta cavat lapidem." (Ovid)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Theo@21:1/5 to TimS on Mon Mar 10 13:27:33 2025
    TimS <[email protected]> wrote:
    <font color="#000000">For those who program with electronics on IoT (internet of things) devices, the ESP32 has 29 undocumented commands that could be used as a ‘backdoor’.</font>
    <font color="#000000"></font>
    <font color="#000000">Below is the article that provides more details.</font>

    <font color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented- commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
    <font color="#000000"></font>
    <font color="#000000">Where are our Macs made these days?</font>

    It's not a backdoor:
    https://darkmentor.com/blog/esp32_non-backdoor/

    It's some undocumented commands (which aren't uncommon) on an interface used when you already control the device. ie it's not a backdoor, it's more like
    a hidden panel inside your house to access some pipes you could
    already access by other means, and are never accessible from outside.

    Theo

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Chris Ridd@21:1/5 to Theo on Mon Mar 10 18:01:00 2025
    On 10/03/2025 13:27, Theo wrote:
    TimS <[email protected]> wrote:
    <font color="#000000">For those who program with electronics on IoT (internet
    of things) devices, the ESP32 has 29 undocumented commands that could be used
    as a ‘backdoor’.</font>
    <font color="#000000"></font>
    <font color="#000000">Below is the article that provides more details.</font>

    <font
    color="#000000"><https://www.bleepingcomputer.com/news/security/undocumented-
    commands-found-in-bluetooth-chip-used-by-a-billion-devices/></font>
    <font color="#000000"></font>
    <font color="#000000">Where are our Macs made these days?</font>

    It's not a backdoor:
    https://darkmentor.com/blog/esp32_non-backdoor/

    It's some undocumented commands (which aren't uncommon) on an interface used when you already control the device. ie it's not a backdoor, it's more like a hidden panel inside your house to access some pipes you could
    already access by other means, and are never accessible from outside.

    I saw an analogy of telling your Ethernet card to change its MAC
    address, or send some funky packet over the wire.

    Seriously, whoever called this a "backdoor" should be taken out an
    actual backdoor and shot. The guys who figured this out seem good, the marketing folks (or whoever) in their company are very bad.

    --
    Chris

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)