FlagThis

A series of security vulnerabilities has been uncovered in the widely used ESP32 microchip, a product of Chinese company Espressif Systems. This chip, found in over a billion devices as of 2023, is commonly utilized for Wi-Fi and Bluetooth connectivity in numerous IoT devices. Researchers at Tarlogic Security have detected undocumented commands within the ESP32's Bluetooth firmware, potentially creating a backdoor that could be exploited for cyberattacks. These hidden manufacturer-specific commands, identified as opcode 0x3F, enable low-level control over Bluetooth functions.

These vulnerabilities pose significant risks, potentially allowing malicious actors to impersonate known devices, even in offline mode. This could lead to the infection of sensitive devices like cell phones, computers, smart locks, and medical equipment, bypassing existing code audit controls. By exploiting these undocumented commands, attackers could gain unauthorized access to confidential information stored on these devices, enabling the spying on personal and business conversations. The potential for remote code execution via wireless interfaces makes this a high-severity issue.

ImgSrc: i.postimg.cc

References :

• gbhackers.com: Espressif Systems Flaws Allow Hackers to Execute Arbitrary Code
• www.cysecurity.news: Undocumented ESP32 Commands Pose Security Risks, Researchers Warn
• borncity.com: Tarlogic Security detects unknown commands in ESP32 chip (BlueTooth, WiFi)
• DAY[0]: Discussion on the ESP32 "backdoor" drama

Classification:

• HashTags: #esp32 #iot #bluetooth
• Company: Espressif Systems
• Target: IoT Devices
• Product: ESP32
• Feature: arbitrary code execution
• Type: Vulnerability
• Severity: Major