Seemed more like the hardware developer didn’t document some useful features and forgot to remove some debugging features.
I would have considered it a backdoor if the features made it possible to run code via a Bluetooth packet without having the firmware enable such a thing.
The article seemed to conclude that there could be attacks done after overwriting the firmware (which would have to be done using technologically legitimate means, like accessing the hardware), which, from what I see, won’t really need to depend upon extra undocumented functionality to create a Trojan.
The only case in which it would be a problem is if there were some firewall rules relying upon the inability of ESP32 to execute said functions.
Did we ever validate the ESP32 Bluetooth backdoor?
Yea, it’s a nothingburger-ish
For an extra $50, your CO monitor can also run wifi in promiscuous mode!