Actions
Forum Thread Details
  • Replies 9 replies
  • Subscribers 502 subscribers
  • Views 2029 views
  • Users 0 members are here
Related

Can the ESP32 be trusted? Undocumented "backdoor" found in popular microcontroller

cstanton

As per https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ : 

"At RootedCON, the Tarlogic Innovation team presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth

The cybersecurity company has designed a unique tool to perform security audits of Bluetooth devices on any operating system
Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

bluetooth vulnerability

(source: https://x.com/Tarlogic/status/1897584096135581721)

I always suspected that Bluetooth was vulnerable in some manner, but for the ESP32 to have something shady about it is astonishing. If you're interested in cyber security you should check out Tarlogic's github repositories and X feed.

Parents

  • Interesting! However, I wonder how much of it will really impact users, for instance, it's unclear how those undocumented commands are run (do they require a malicious firmware update to contain the undocumented commands, in which case the malicious firmware could do anything). I guess we will find out more soon enough since so many of these devices are used. The undocumented commands might be test commands perhaps (e.g. TI and other manufacturer chips have test commands too, but they publish them).

    On another note, for Bluetooth, I've recently started exploring On Semi RSL15.. seems like a nice chip, although it's 0.4 mm pitch which is annoying (not much to do about that, it's the trend with these wireless microcontrollers intended for portable devices).

  • in reply to shabaz

    The RSL15 does look interesting, but their evaluation board is way too expensive. I don't get why companies do this, they aren't making any significant amount of money off of these boards anyways, and essentially lock hobbyists out of their product.

Reply Children
  • in reply to vmate

    I wasn't happy with the price of it either . Quite a lot of the manufacturers are now charging a lot more than they used to, for their eval boards. If I'm trying a microcontroller then I'll probably want a few boards, and that cost is not insignificant at all.

    I decided it's better instead to spend time preparing the footprint and PCB layout, which I would have to do at some point anyway if I wanted to make use of that chip), so I've started entering it into KiCad. I'm not looking forward to soldering it (I have done 0.4 mm pitch before, but not frequently enough to be good at it).

    I bought enough parts to build three boards (and have hundreds of spare passives left over), for the same cost as one eval board.