Concise Summary:
A vulnerability was discovered in the widely used ESP32 microchip, which is found in over a billion devices. The backdoor, undocumented and hidden in the firmware, allows attackers to manipulate device memory, spoof MAC addresses, inject LMP/LLCP packets, and potentially establish persistent access. It was identified by researchers at Tarlogic Security, who found 29 undocumented commands that give low-level control of Bluetooth functions. Espressif, the manufacturer, has not publicly documented these commands, raising questions about whether they were intended for internal use or included by accident. The discovery highlights a significant security risk for IoT devices that rely on ESP32 chips, since the commands could be exploited to gain unauthorized access to and control over connected systems.
Key Points:
- An undocumented backdoor was discovered in the ESP32 microchip, which is used by over a billion IoT devices and primarily provides Wi-Fi and Bluetooth connectivity.
- The undocumented backdoor enables attacks such as spoofing trusted devices, unauthorized data access, pivoting to other devices, and potential long-term persistence.
- Spanish researchers at Tarlogic Security discovered the backdoor after developing a new C-based USB Bluetooth driver that provides direct hardware access without relying on OS-specific APIs.
- The backdoor was found by examining vendor-specific commands (opcode 0x3F) in the ESP32 Bluetooth firmware.
- Espressif, the manufacturer of the ESP32 chip, has not publicly documented these commands, so it is unclear whether they were intentionally hidden or left in unintentionally.
Archive Links:
12ft: https://12ft.io/https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
archive.org: https://web.archive.org/web/https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
archive.today: https://archive.today/https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
Original Link: https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
User Message: Undocumented commands found in Bluetooth chip used by a billion devices