A low-cost Bluetooth chip, which allegedly powers millions of Internet of Things (IoT) devices around the world, contains a “hidden feature” that allows those who are aware of it to execute arbitrary commands, unlock additional functions, and even extract sensitive information from the devices.

The Hidden Threat in ESP32 Chips
Researchers from Tarlogic have raised alarms about ESP32 chips, which enable WiFi and Bluetooth connectivity in many IoT devices. Developed by Espressif, a semiconductor company based in Shanghai, these chips are extremely affordable (around $2 per unit) and have been used in over a billion devices worldwide. However, researchers discovered that these chips contain undocumented “hidden commands” that can be exploited to modify the chips, unlock additional features, and potentially compromise the security of the devices.
Tarlogic first described the findings as a “backdoor”, but later backtracked on that terminology: “We would like to clarify that it is more appropriate to refer to the presence of proprietary HCI commands—which allow operations such as reading and modifying memory in the ESP32 controller—as a ‘hidden feature’ rather than a ‘backdoor’,” it said.
Potential Attack Scenarios
These commands pose significant risks for both personal and corporate security, as threat actors could use them to impersonate IoT devices, access confidential data, and even eavesdrop on private conversations:
- Supply Chain Attacks: Attackers could compromise the chips during the manufacturing process and embed malicious software that is difficult to detect.
- Device Impersonation: Threat actors could impersonate IoT devices to gain access to mobile phones, smart home systems, and even corporate networks.
- Data Extraction: Attackers could extract sensitive personal or business information stored on affected devices.
- Surveillance: The hidden feature could be used for surveillance, allowing attackers to monitor conversations, gather intelligence, or track user behavior.
Tarlogic says that the ESP32's affordability is one of the main reasons why it is so commonly found in Bluetooth IoT devices for domestic use. From smart home devices to wearables, these chips power millions of everyday gadgets, creating a potential security nightmare if exploited.