Researchers uncover hidden 'backdoor' in widely used ESP32 microchip

A hot potato: The ESP32 chip, found in over a billion devices worldwide, contains undocumented vendor-specific commands that could potentially be misused to access device memory and manipulate Bluetooth functionality. Security experts emphasize that these commands are not directly accessible remotely without additional vulnerabilities and typically require physical access or already compromised firmware to exploit. An undocumented set of low-level commands has been discovered in the ESP32 microchip, a widely used component in IoT devices. Manufactured by the Chinese company Espressif, the ESP32 is a crucial component for Wi-Fi and Bluetooth connectivity in numerous smart devices, including mobile phones, computers, smart locks, and medical equipment. As of 2023, it is present in over a billion units worldwide. This discovery was made by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security. The researchers presented their findings at RootedCON in M ... Read full article.