Comment on Undocumented 'Backdoor' Found In Chinese Bluetooth Chip Used By a Billion Devices.
Dekkia@this.doesnotcut.it 4 weeks agoIt ain’t so.
To use the “backdoor” an attacker needs to have full access to the esp32 powered device already.
It’s like claiming that being able to leave your desk without locking your PC is a backdoor in your OS.
ChaoticNeutralCzech@feddit.org 4 weeks ago
Yes, this is about undocumented instructions found in the silicon but they are not executable unless the ESP32’s firmware uses them. Firmware cannot be edited to use them unless you have an existing vulnerability such as physical access or insecure OTA in existing firmware (as far as researchers know).
It is good to question the “backdoor” allegations - maybe the instructions’ microcode was buggy and they didn’t want to release it.