Hidden feature in ESP32. Security. Bluetooth.

[runout-at]

Port, board and/or hardware

esp32

MicroPython version

No response

Issue Report

There is a recent report from Tarlogic about undocumented commands on the ESP32. At first they did call it backdoor but changed to feature - possibly for legal reasons:

https://www.tarlogic.com/news/hidden-feature-esp32-chip-infect-ot-devices/

• How does this effect Micropython firmware?
• Did somebody investigate this already?
• What can we do against it?

Code of Conduct

Yes, I agree

[DvdGiessen]

See Espressif's response here as well as the technical blog post they link in that response here.

In short, what I gather from those responses this doesn't seem to be a backdoor or big security issue, merely a few undocumented debugging commands in the BLE stack that can be called by code already running on the ESP32 (which means in case of MicroPython usually your own code), nothing that can be triggered remotely.

[sosi-deadeye]

It's like complaining that a modem offers the ability to dial.

So they have found out that you can execute proprietary commands via HCI. This assumes that the hacker already has access to the ESP32. This cannot be abused via OTA.

This sensationalism is getting worse and worse.

[Josverl]

I suggest to change this to a Discussion

[runout-at]

Thx for the links and for looking into it!

Feel free to change it to a discussion.