As per https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/:
"At RootedCON, the Tarlogic Innovation team presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth.
The cybersecurity company has designed a unique tool to perform security audits of Bluetooth devices on any operating system.
Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
(source: https://x.com/Tarlogic/status/1897584096135581721)
I always suspected that Bluetooth was vulnerable in some manner, but for the ESP32 to have something shady about it is astonishing. If you're interested in cyber security you should check out Tarlogic's GitHub repositories and X feed.