Chip among billions of devices contains secret 'backdoor'

According to TechSpot , security researchers have discovered a set of 'hidden' commands that resemble an undisclosed 'backdoor' in the ESP32 microchip, a component widely used in billions of Internet of Things (IoT) devices worldwide . This discovery raises concerns about potential security vulnerabilities, although experts emphasize that the risk of remote exploitation is low.

The ESP32 'Heart' of Billions of Smart Devices Hides a 'Backdoor'

Manufactured by Espressif (China), ESP32 is a cheap chip (only about 2 USD) but plays an important role in providing Wi-Fi and Bluetooth connectivity for countless smart devices. From phones, computers, smart door locks, to medical devices, it is estimated that more than 1 billion devices are using ESP32.

Phát hiện cửa hậu trong chip ESP32 gây lo ngại cho thiết bị IoT - Ảnh 1. — Image of ESP32 chip in billions of IoT devices

Two researchers, Miguel Tarascó Acuña and Antonio Vázquez Blanco, from the Spanish security company Tarlogic Security, announced their findings at the RootedCON conference in Madrid. They found 29 special commands, not included in the official Espressif documentation, that allow deep intervention in the Bluetooth operation of the ESP32 chip.

Initially, the researchers called it a 'backdoor'. However, they later clarified that these were 'hidden features' capable of reading and writing to the chip's RAM and Flash memory, spoofing MAC addresses, and injecting packets into Bluetooth connections.

While these commands themselves are not malicious, they can be used by bad guys to install malware right from the manufacturing stage, or modify the firmware. They can even steal data, or perform illegal acts. The most dangerous is turning IoT devices into attack tools, or disabling security features.

However, experts stress that exploiting these commands remotely is very difficult and requires other vulnerabilities on the device. A more realistic attack scenario would typically require cybercriminals to have physical access to the device (via a USB or UART port).

To uncover these hidden commands, Tarlogic has developed a special tool called BluetoothUSB. This is a C-based Bluetooth USB driver that allows for the inspection of Bluetooth traffic independently of the hardware and operating system. This tool is expected to make it easier for security experts to detect and patch vulnerabilities in Bluetooth devices.

The incident once again highlights the importance of firmware security, especially as low-cost IoT devices become more common. While the hidden commands on the ESP32 may simply be a development oversight, it serves as a reminder of the potential risks in the world of the Internet of Things.

Source: https://thanhnien.vn/con-chip-nam-trong-hang-ti-thiet-bi-co-chua-cua-hau-bi-mat-185250310091836408.htm