Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices
www.tarlogic.com
Tarlogic presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth
Source Link Privacy.

Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 “backdoor” that wasn’t.

  • RmDebArc_5@sh.itjust.worksEnglish
    441·
    1 day ago

    I’d like to know if this is just a firmware update or unfixable, but sadly this seems just an ad rather than news

    • ChaoticNeutralCzech@feddit.orgEnglish
      2·
      7 hours ago

      There is nothing to “fix”. Undocumented instructions have just been found in the silicon but they are not executable unless the ESP32’s firmware their owner flashed to give it a purpose uses them. No pre-2025 firmware that we know of uses these instructions, and they might turn out to be buggy so compilers might not adopt them. If they turn out OK, the documentation of the instruction set will need an update, and compilers will be able to take advantage of the new instructions.

      • Crafter72@lemmy.dbzer0.comEnglish
        1·
        12 hours ago

        Thanks for the link, this article is more clear compared to the posted above.

        I’m more interested to the scope of the exploit whether it could touch the flash of the controller or not as you can also do OTA update through the BLE component.

      • neuracnu@lemmy.blahaj.zoneEnglish
        5·
        23 hours ago

        Solid article. I imagine the folks at the cyberwire podcast will be doing more digging over the weekend for a solid summary come Monday.

    • Ebby@lemmy.ssba.comEnglish
      11·
      1 day ago

      Even if it were fixable, it would be up to manufacturers to push updates. I doubt any really care enough.

    • Treczoks@lemmy.worldEnglish
      6·
      22 hours ago

      It is not easy to determine how fixable this is. IIRC, the ESP32 has the wireless stack hidden from user space, and I am not sure if it is a blob included during link time, or if it is stored in a ROM of the chip. I do have the chips and the development enviroment in my studio, but (luckily) I decided to use a different chip for my project.

      But I know there is a load of systems using either the ESP32 as their main processor, or as an auxiliary processor to add WiFi or BT capabilities, so this really is a big oh shit moment.