Undocumented "backdoor" found in Bluetooth chip used by a billion devices

submitted by American_Muskrat from (bleepingcomputer.com)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]zyxzevn 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (3 children)

The "backdoor" is overhyped. It is only accessible via the USB interface.

Analysis by youtuber "low-level" who studies security problems:
video

[–]American_Muskrat[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

Oh, whew. Good to know.

[–]zyxzevn 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

I think that it was over-hyped by the security company to advertise for themselves.

The story sounded a bit similar to the Bloomberg article that falsely reported about a small chip on motherboards, which they claimed to be a backdoor.
Super Micro says review found no malicious chips in motherboards
I thought it was clearly false, because the chip identified by bloomberg only has a few pins and is not connected to anything important. More like an analog component.

[–]In-the-clouds 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

To get my computer online, I usually connect a cell phone via USB. However, cell phones do not use the ESP32 chipset. The article implies this exploit could infect a cell phone or computer if another device using ESP32 was connected. The average person probably does not have this chip in their inventory.