FlagThis

An undocumented "backdoor," which is really undocumented commands, has been discovered in the ESP32 microchip, a product of the Chinese manufacturer Espressif. This chip is a cornerstone in the Internet of Things (IoT) ecosystem, providing essential Bluetooth and Wi-Fi connectivity. It is widely used in over a billion devices as of 2023. The "backdoor," as it is referred to, could be leveraged for attacks including spoofing trusted devices, unauthorized data access, and pivoting to other devices on the network.

This discovery was made by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security, who presented their findings at RootedCON. Their research underscores the critical need for robust security measures in IoT devices. The potential impact could be extensive, considering the chip’s widespread usage. This discovery raises concerns about the security of numerous devices and systems that rely on the ESP32 for their operations.

ImgSrc: socprime.com

References :

• infosec.exchange: Ok, poll for the "supply chain risk management" people! There's a backdoor in the ESP32 wifi/bluetooth chip.
• Anonymous ???????? :af:: The ubiquitous microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.
• The DefendOps Diaries: Discover the ESP32 backdoor's impact on IoT security and the urgent need for robust protection measures.
• www.bleepingcomputer.com: The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.
• BleepingComputer: Infosec.Exchange post about ESP32 Microchip Backdoor
• BleepingComputer: Infosec.Exchange post about ESP32 microchip with undocumented backdoor.
• Jon Greig: IOC.Exchange post about the backdoor
• TARNKAPPE.INFO: Bluetooth-Chip-Backdoor entdeckt: Ãœber 1 Mrd. Geräte betroffen
• Rescana: Unveiling the ESP32 Bluetooth Chip Backdoor: Security Vulnerabilities and Mitigation Strategies
• BleepingComputer: The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
• dragosr: Oh, is that all? A few (billion?) ESP32 devices let attackers establish persistency in local flash using an undocumented commands set accessible from an over the air pivot, and low level protocol injection and spoofing control...
• securityaffairs.com: Undocumented hidden feature found in Espressif ESP32 microchip
• BleepingComputer: The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.
• Davey Winder: Identity Theft Warning—Hidden Commands In 1 Billion Bluetooth Chips
• www.techradar.com: Top Bluetooth chip security flaw could put a billion devices at risk worldwide
• Security | TechRepublic: Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
• BetaNews: Attackers can use undocumented commands to hijack Chinese-made Bluetooth chips
• CyberInsider: Hidden Commands Discovered in Bluetooth Chip Used in a Billion Devices
• bsky.app: Undocumented "backdoor" found in Bluetooth chip used by a billion devices
• Matthew Rosenquist: The recent undocumented code in the ESP32 microchip, made by Chinese manufacturer Espressif Systems, is used in over 1 billion devices and could represent a cybersecurity risk.
• SOC Prime Blog: CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices

Classification:

• HashTags: #ESP32 #IoTBackdoor #ChipSecurity
• Company: Espressif
• Target: IoT Devices
• Product: ESP32
• Feature: backdoor
• Type: Vulnerability
• Severity: Major