Worrying
Some of the reader comments here imply the issue is not so dramatic:
The risk seems to be potentially more on a supply chain attack / OEM shipping a compromised product.
There are products that are or have been sold in volume based on ESP32 (like Sonoff Smart Switches, some Smart Bulb or smart Plugs, ..). Fake or hacked devices could exist.
OK,
what does that mean for a developer?
I use PICO W and ESP32S3
and connect to the Internet / local router for:
- NTP
- webpage
- MQTT (local or remote)
None of that includes BT / BLE?
Can I be sure it is OFF?
Or does it have to be disabled?
The article explains that Spanish researchers have discovered 29 undocumented commands in the ESP32's Bluetooth firmware allowing for Bluetooth packet injection, memory manipulation, and device impersonation.
If Bluetooth is off, the attack via Bluetooth packet injection is not possible. However, if the attacker has access to other methods, such as physical access to the device's USB or UART interfaces, they could still possibly exploit the backdoor through RAM and Flash manipulation. This could allow for firmware modifications, persistent malware implantation, and potentially gaining control over Wi-Fi or other device functionalities.
That's why I was saying that the risk is
➜ Malicious actors could exploit the backdoor to compromise devices at the OEM level, deploying rogue firmware or malicious updates that use the backdoor for further exploitation.
Hard to know what's inside...
Please, how do I check if it is OFF?
My phone / start BT,
press [AVAILABLE DEVICES]?
As I said, it's not easy. If a malicious actor injected a rogue firmware, it's hidden somewhere and would be triggered by some method...
You would have to verify that the firmware is exactly how it is intended to be and that this firmware does not have easter eggs somewhere...
Before panicking and throwing your ESP32 away, wait for Espressif's answer...
Your Windows laptop was also at risk from security vulnerabilities like CVE-2024-43572, which allowed remote code execution through the Microsoft Management Console, and CVE-2024-43533, a flaw in the Remote Desktop Client that could let attackers gain unauthorized control over your system... There were some on the Mac too like CVE-2024-44308, affecting JavaScriptCore, and CVE-2024-44309, impacting WebKit...
So the best way to stay safe is to install the latest security patches from a trusted source.
Sorry, you misunderstand my question.
Hm, something like THIS?
// Compile-time check only: it prints whether the BT stack was built into the
// core, not whether the controller is running right now.
// Guarded with #ifdef so the sketch still compiles on a core built without BT.
void setup() {
  Serial.begin(115200);
  while (!Serial);
  Serial.println("ESP32 ");
#ifdef CONFIG_BT_ENABLED
  Serial.print("CONFIG_BT_ENABLED ");
  Serial.println(CONFIG_BT_ENABLED);
#else
  Serial.println("CONFIG_BT_ENABLED not defined");
#endif
#ifdef CONFIG_BLUEDROID_ENABLED
  Serial.print("CONFIG_BLUEDROID_ENABLED ");
  Serial.println(CONFIG_BLUEDROID_ENABLED);
#else
  Serial.println("CONFIG_BLUEDROID_ENABLED not defined");
#endif
}
void loop() {
}
/* PRINTS here on ESP32S3
ESP32
CONFIG_BT_ENABLED 1
CONFIG_BLUEDROID_ENABLED 1
*/
Is your question about checking if BT is enabled?
Yes, I want to use WiFi but NOT BT.
It's disabled by default.
You could run this (typed here, mind typos):
#include "esp_bt.h"   // esp_bt_controller_get_status(), ESP_BT_CONTROLLER_STATUS_*
void setup() {
  Serial.begin(115200);
  // Runtime check: asks the BT controller for its current state.
  // IDLE and INITED both mean the controller is not running.
  if (esp_bt_controller_get_status() == ESP_BT_CONTROLLER_STATUS_ENABLED) {
    Serial.println("Bluetooth is enabled");
  } else {
    Serial.println("Bluetooth is not enabled");
  }
}
void loop() {}
It should tell you:
Bluetooth is not enabled
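An added example, not code from this thread and not Espressif's code, that goes one step past the status check above: it reports whether a BT stack was compiled into the image, whether the controller is running, and then tears the controller down and hands its RAM (controller plus Bluedroid host) back to the heap so nothing in the sketch can bring Bluetooth up later. It assumes the Arduino-ESP32 core (Arduino.h pulls in sdkconfig.h and the ESP-IDF 4.x/5.x headers), an original ESP32 (dual-mode) or a BLE-only ESP32-S3/C3 target, and that it runs once at boot; the result of esp_bt_mem_release() is reported rather than assumed, because the core may already have released that memory.

```arduino
// Added example (not from the thread, not Espressif code).
// Assumes the Arduino-ESP32 core: Arduino.h includes sdkconfig.h, and the
// esp_bt.h API from ESP-IDF 4.x/5.x is available when CONFIG_BT_ENABLED is set.
#include <Arduino.h>
#include "sdkconfig.h"
#if CONFIG_BT_ENABLED
#include "esp_bt.h"     // esp_bt_controller_*(), esp_bt_mem_release()
#endif

// Compile-time fact: was a Bluetooth stack built into this firmware at all?
static bool btCompiledIn() {
#if CONFIG_BT_ENABLED
  return true;
#else
  return false;
#endif
}

// Runtime fact: is the BT controller currently running?
// ESP_BT_CONTROLLER_STATUS_IDLE and _INITED both mean "not running".
static bool btControllerRunning() {
#if CONFIG_BT_ENABLED
  return esp_bt_controller_get_status() == ESP_BT_CONTROLLER_STATUS_ENABLED;
#else
  return false;
#endif
}

// Stop the controller if it is up, deinit it, and give the controller and
// host (Bluedroid) RAM back to the heap. After esp_bt_mem_release() the stack
// cannot be initialised again until the chip resets, which is the point.
// Returns true only if the release call itself succeeded.
static bool btShutdownAndRelease() {
#if CONFIG_BT_ENABLED
  esp_bt_controller_status_t st = esp_bt_controller_get_status();
  if (st == ESP_BT_CONTROLLER_STATUS_ENABLED) {
    if (esp_bt_controller_disable() != ESP_OK) return false;
    st = esp_bt_controller_get_status();
  }
  if (st == ESP_BT_CONTROLLER_STATUS_INITED) {
    if (esp_bt_controller_deinit() != ESP_OK) return false;
  }
  // Assumption: the original ESP32 is dual-mode (Classic + BLE); S3/C3 are BLE-only.
#if CONFIG_IDF_TARGET_ESP32
  const esp_bt_mode_t mode = ESP_BT_MODE_BTDM;
#else
  const esp_bt_mode_t mode = ESP_BT_MODE_BLE;
#endif
  return esp_bt_mem_release(mode) == ESP_OK;
#else
  return true;  // nothing to release: the stack is not in the image
#endif
}

void setup() {
  Serial.begin(115200);
  delay(200);  // give USB-CDC a moment instead of blocking on !Serial without a monitor
  Serial.printf("BT stack compiled in : %s\n", btCompiledIn() ? "yes" : "no");
  Serial.printf("BT controller running: %s\n", btControllerRunning() ? "yes" : "no");
  Serial.printf("BT memory released   : %s\n",
                btShutdownAndRelease() ? "ok" : "failed (already released, or controller not idle)");
  Serial.printf("BT controller running: %s\n", btControllerRunning() ? "yes" : "no");
  // WiFi-only work (NTP, HTTP, MQTT) continues from here with the BT RAM freed.
}

void loop() {}
```

Caveat: this verifies the state of the software stack you compiled, from inside that same firmware. It says nothing about a rogue image planted at the factory, which is the supply chain case raised above; a device's self-report cannot establish that the flashed firmware matches the one you built.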
So this code is in the ROM?
As they write (see second link)
The “undocumented” HCI commands mentioned in the report are debug commands present in the Bluetooth controller IP in the ESP32.
So, not a backdoor. More like a hidden room in your house, which only you have access to.
Well, the supply chain attack is still a possibility, but if someone has access to the device for long enough then all bets are off anyway.
How exactly would a supply chain attack work here?
If a vendor or factory is hacked by a hacker and its product's firmware is rewritten, the malicious products will be released into the market.
Isn't that true of every device that has programmable firmware? What is different about ESP32?
That is exactly what supply chain risk is.
I don't think this is intended to say that the ESP32 is particularly dangerous, in the sense that just because Espressif has officially denied any malicious intent doesn't mean that the risk has been reduced to zero.