Undocumented "backdoor" found in Bluetooth chip used by a billion devices

submitted by American_Muskrat from bleepingcomputer.com

all 11 comments
sorted by:
top
newinsightfulfun

[–]zyxzevn 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (2 children)

I think most hardware is intentionally not secure.

[–]xoenix 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

I can also believe people make stupid mistakes.

[–]In-the-clouds 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yes, and the article said this chip has "29 undocumented commands" and "Espressif has not publicly documented these commands". They, of course, know how to use these commands.

[–]WoodyWoodPecker 4 insightful - 3 fun4 insightful - 2 fun5 insightful - 3 fun -  (0 children)

Granpa's Hearing Aids pick up his grandson's Call of Duty audio due to the leak. Thinks he is back in 'Nam!

[–]wlh0242 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

They should look into the crypto miner "Helium" if they want a real shocker lol....China's got people putting routers out there that communicate over the LoRaWAN protocol, which is a low-power, wide-area network (LPWAN) protocol. Helium has a miner "Map" that shows you the locations, which are conveniently all around military installations and even Area 51, 52 lol.

[–]In-the-clouds 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (0 children)

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif

ESP?

Extrasensory perception (ESP), also known as a sixth sense, or a paranormal ability pertaining to reception of information not gained through the recognized physical senses, but sensed through the spirit.

Perhaps they named the chip with this in mind.

[–]zyxzevn 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (3 children)

The "backdoor" is overhyped. It is only accessible via the USB interface.

Analysis by youtuber "low-level" who studies security problems:
video

[–]American_Muskrat[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

Oh, whew. Good to know.

[–]zyxzevn 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

I think that it was over-hyped by the security company to advertise for themselves.

The story sounded a bit similar to the Bloomberg article that falsely reported about a small chip on motherboards, which they claimed to be a backdoor.
Super Micro says review found no malicious chips in motherboards
I thought it was clearly false, because the chip identified by bloomberg only has a few pins and is not connected to anything important. More like an analog component.

[–]In-the-clouds 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

To get my computer online, I usually connect a cell phone via USB. However, cell phones do not use the ESP32 chipset. The article implies this exploit could infect a cell phone or computer if another device using ESP32 was connected. The average person probably does not have this chip in their inventory.