The ESP32 Bluetooth Backdoor That Wasn’t
https://hackaday.com/2025/03/10/the-esp32-bluetooth-backdoor-that-wasnt/
@hackaday perspective & analysis, not hysteria ... you'll never get clicks with that
@vk2bea We aim to provide a balanced, reasoned perspective as always!
@hackaday This news really shocked me but with this context it makes a lot more sense. I was surprised that there could be a “backdoor” in such a well known chip. But I imagined that “backdoor” would mean I could make a device to wirelessly take over every set of speakers, earbuds and lightbulbs in range and maybe also steal their passwords or something too— but this is more like if you let me physically plug in I can mess with you using information that isn’t well known right?
@futurebird @hackaday I think it goes right back to firmware security in IoT. Is the device using the ESP32 itself secure? Does it have the ability to reprogram the ESP32?
@futurebird @hackaday As someone who participated in spreading the FUD around this on Saturday, it's a good reminder that a "good story" will travel much faster than the actual truth - and it's important to spread corrections once they're known.
@futurebird @hackaday I saw the original article and skimmed over it when it came out...finding no description of a backdoor, but rather of just making a chip do things it normally wouldn't. And not even that nefarious compared to its normal behavior. Further, it could really only be exploited by code already running on it, which makes the attack scenario negligible. At most it seemed to be useful for spoofing, which is a completely unrelated thing.
@futurebird It's not yet borne out that the ESP32 is trivial to wirelessly compromise, at this stage
@futurebird @hackaday It appears to be a testing interface that should have been removed, not an intentional back door (which would have been hidden much better). Not sure if it is exploitable.