ESP32 Bluetooth Chip Contains Undocumented Commands, Sparking Security Concerns

Security researchers have uncovered 29 hidden commands in the ESP32 Bluetooth firmware, potentially opening the door to device spoofing, memory access, and advanced Bluetooth attacks. The ESP32 chip, manufactured by Espressif and used in over a billion devices worldwide, was found to contain undocumented debugging functions that could allow attackers to manipulate RAM and flash memory, impersonate devices, and exploit Bluetooth traffic.

The discovery was made by Tarlogic Security researchers, who presented their findings at RootedCON in Madrid. They warned that these commands could enable long-term persistence on compromised IoT devices, making them a prime target for cyber threats.

Espressif has since responded, stating that these are internal debug features meant for testing and that they do not pose a direct security risk. The company has nonetheless committed to removing them in a future software update.

Given the widespread use of the ESP32 in smart devices, this discovery raises serious questions about supply chain security and the potential for exploitation. Device manufacturers and security teams should watch for firmware updates to mitigate the risk. More details are in the researchers' full report.
BleepingComputer
Undocumented commands found in Bluetooth chip used by a billion dev...
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
Umesh Lokhande•3w ago
Interesting, there's much to learn from this release. I hope Tarlogic continues investigating similar issues in other wireless coprocessors as well.
