Technology @lemmy.world Tea @programming.dev 24h ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices

Tarlogic presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth

Source Link Privacy.

Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 "backdoor" that wasn't.

140

cybersecurity @infosec.pub Tea @programming.dev 24h ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

Technology @lemmy.zip Tea @programming.dev 24h ago

Undocumented Commands Found In Bluetooth Chip Manufactured in China Used By a Billion Devices.

www.tarlogic.com /news/backdoor-esp32-chip-infect-ot-devices/

You're viewing a single thread.

140 comments

The ESP32 chip, developed by Espressif Systems, is widely used in various IoT (Internet of Things), embedded systems, and consumer electronics due to its low power consumption, built-in Wi-Fi & Bluetooth, and high processing capability.

Devices That Use the ESP32 Chip

Development Boards & Microcontrollers

ESP32 DevKit series (official Espressif boards)

M5Stack and M5Stick series

Adafruit HUZZAH32

SparkFun ESP32 Thing

LilyGO T-Series (T-Display, T-SIM, T-Watch, etc.)

WEMOS Lolin D32/D32 Pro

Smart Home & IoT Devices

Sonoff Smart Switches and Plugs (e.g., Sonoff Mini R3, Sonoff S31)

Shelly Smart Relays (e.g., Shelly 1, Shelly 2.5)

Tuya-Based Smart Devices (many smart home products use Tuya firmware on ESP32)

Air quality monitors (e.g., AirGradient open-source air sensors)

IoT Sensor Hubs (various DIY and commercial solutions)

Wearables & Portable Devices

TTGO T-Watch (ESP32-based smartwatch)

Heltec WiFi Kit Series (LoRa-enabled IoT devices)

Fitness trackers (some DIY and prototype models)

Robotics & DIY Electronics

ESP32-CAM (ESP32-based camera module)

DIY drones & robots (used in hobbyist and educational robotics)

3D Printer controllers (e.g., ESP32-based Klipper controllers)

Industrial & Commercial Products

ESP32-based vending machines (wireless payment systems)

Smart irrigation controllers

Energy monitoring devices (e.g., OpenEnergyMonitor)

Smart locks & security systems

Audio & Multimedia Devices

ESP32-based web radios

DIY Bluetooth speakers

Smart light controllers with voice assistants

Why Is ESP32 Popular?

✔ Low-cost & powerful (dual-core, Wi-Fi, Bluetooth) ✔ Great for DIY & commercial IoT applications ✔ Strong developer community & open-source support ✔ Compatible with Arduino, MicroPython, ESP-IDF, etc.
- thanks chatgpt
  
  I wonder which IoT devices are affected, beyond DIY, that people actually use in North America.
  
  I have a cheap wireless hygrometer in the house.. I don't know which chip gives it its capability. I just know ESP32 is the most common one.

140 comments