this post was submitted on 16 Mar 2025
7 points (100.0% liked)

(safe) Unsecure security

184 readers
1 users here now

(un) Security - Who will guard the guards?

founded 3 years ago
MODERATORS
saint@group.lt
skrt@group.lt
KasTas@group.lt
7
29 Undocumented commands found in ESP-32 microcontrollers CVE-2025-27840 (www.bleepingcomputer.com)
submitted 2 weeks ago by saint@group.lt to c/saugumas@group.lt
4 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/26598539

cross-posted from: https://programming.dev/post/26664400

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake. The issue is now tracked under CVE-2025-27840.

"it's just for testing"

top 4 comments
sorted by: hot top controversial new old
[–] Shadow@lemmy.ca 2 points 2 weeks ago (1 children)

This has been debunked. It's not a backdoor. It's debugging commands.

[–] saint@group.lt 1 points 2 weeks ago (1 children)

From security perspective, do you think the wording changes a lot here?

[–] Shadow@lemmy.ca 3 points 2 weeks ago (1 children)

Absolutely yes. A backdoor implies its available via remote access of some sort, not something that requires low level code access to the microcontroller. Huge difference.

[–] saint@group.lt 2 points 2 weeks ago

I understand your point, but I would not imply that a backdoor has to be remote. Backdoors are essentially any alternative, often undocumented ways to access or gain privileges on systems. They don't always result from malicious intent either - many backdoors simply "happen" when developers haven't fully considered security implications. For the average user whose device contains such unintentional backdoors, the impact remains the same regardless of how they came to exist. Consider the times when vendors had default BIOS passwords - these created a nightmare for Uni IT staff (and others as well), even though they were not accessible remotely.