Comment

Comment on Undocumented "backdoor" found in Bluetooth chip used by a billion devices

Xanza@lemm.ee ⁨1⁩ ⁨day⁩ ago

No way they’re on the same level. Heartbleed allowed for remote memory reads.

I professionally studied HeartBleed as a security researcher and wrote a peer reviewed opinion piece which was published. I won’t say where or the title because it would give you my full name, so deal with it. Not trying to humble-brag, just trying to say, I’ve done the research myself here.

HeartBleed was an oversight which sent out enabled by default (!) a TLS heartbeat read overrun error in OpenSSL v1.0.1 to 1.0.2-beta which allowed any third party with an internet connection the ability to request information, 64kb at a time, stored in an affected servers memory. Anything. Private keys, encryption keys, TLS private keys (imagine SSL verified MITM attacks), decrypted sensitive files (which are HDD encrypted and decrypted in memory), passwords, anything.

All’s you had to do was know how to request the information, and the server you wanted to attack. It went undiscovered for a number of months before it was found. The extension was enabled by default, and came bundled with software used on literally billions of private computing devices, servers, IoT devices, and even interstitial devices used over network connection.

Here’s an excerpt from some other security researchers on the subject, in case you don’t want to take my word for it;

We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication. 1

You’re correct that they’re not on the same level, but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet. HeartBleed affected hundreds of millions of critical servers. Literally billions of devices in total. How many consumer devices do you think have this exact bluetooth chip? 10,000? 100,000? 10 million? Still small peanuts in comparison.

source

Sort:hotnew top

chaospatterns@lemmy.world ⁨1⁩ ⁨day⁩ ago

but completely backwards in thinking that an undocumented bluetooth backdoor is worse than the worst vulnerability found since the invention of the internet

Right HeartBleed was way worse than this, not on the same level. I wasn’t claiming the opposite.

I was responding to the comment that appeared to suggest they were on the same level.

source
- Xanza@lemm.ee ⁨1⁩ ⁨day⁩ ago
  Yeah, looks like I was gonna respond to the other guy too, but ended up rolling both replies into the same post for some reason. lol oops.
  
  The first part of my post is just backing up what you had said, and the second half was for the guy you were also replying to, to point out how crazy he was.
  
  source
Buelldozer@lemmy.today ⁨1⁩ ⁨day⁩ ago

How many consumer devices do you think have this exact bluetooth chip?

Hundreds of millions. They’re used in an almost uncountable number of IoT devices. It’s entirely possible that there’s a handful of 'em, or more, in your house. Absolutely anything “smart” that uses WiFi or Bluetooth could have one including sprinkler controllers, door locks, lightbulbs, appliances both large and small, garage door openers, and remote controlled power plugs.

Espressif has sold a huge number of ESP32 chips. This isn’t some uncommon no-name manufacturer or chip. It’s used at scale and has been for years.

That you aren’t personally aware of it only means that you have a blind spot.

source
- Xanza@lemm.ee ⁨1⁩ ⁨day⁩ ago
  
  Hundreds of millions. They’re used in an almost uncountable number of IoT devices.
  
  It’s only this specific chip that is affected. It’s not all bluetooth chips. The article doesn’t even specify which of their tens of chips is affected; ESP32-D0WD-V3, ESP32-D0WDR2-V3, ESP32-U4WDH, ESP32-PICO-V3, ESP32-PICO-V3-02, or the ESP32-PICO-D4.
  
  Even if it were all of them, and even if it were hundreds of millions of devices it would still pale in comparison to HeartBleed in all aspects. It’s an interesting but sophisticated attack vector which severely limits its usage. But lets say you execute a MITM attack from one of these ESP32 chips. What are you feasibly able to do? A MITM attack? Considering these are all low power devices its extremely unlikely that they would be able to output enough power to overtake your home AP. Without doing more research on it, the actual attack surface is opaque. I mean, I guess a guy in China can remotely turn on your sprinklers or get your WiFi password… Lot of good that’s gonna do him from China.
  
  source