#ESP32 backdoor. #security
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
Stephen Brooks 🦆 (sjb@mstdn.io)'s status on Sunday, 09-Mar-2025 16:19:41 JST
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 09-Mar-2025 16:19:39 JST
@wolf480pl @sjb It doesn't strictly require already having root on the device - if the bluetooth implementation generates bluetooth commands in some way, that would allow for easy remote exploitation (if an attacker can get the bluetooth library to generate the backdoor opcodes, the attacker can trivially write to memory or flash and get persistent exploitation).
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Mar-2025 16:19:40 JST
@sjb AFAIU it requires already having root on the chip, so it's not really a backdoor
Wolf480pl (wolf480pl@mstdn.io)'s status on Sunday, 09-Mar-2025 16:30:11 JST
@Suiseiseki @sjb by remote you mean wirelessly over bluetooth?
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Sunday, 09-Mar-2025 16:30:11 JST
@wolf480pl @sjb Yes.