News
Billions of devices vulnerable to secret Bluetooth chip commands
This could potentially allow attackers to write directly to the chip’s memory, spoof MAC addresses, and impersonate trusted devices.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Remember when we thought the scariest thing about our smart devices was them listening to our conversations?
Well, researchers just found something way more interesting: a whole bunch of “undocumented features” in those ubiquitous ESP32 chips that are probably sitting in your smart doorbell, fitness tracker, or that weird smart toaster you bought during a late-night shopping spree.
Spanish security researchers at Tarlogic Security just dropped a bombshell at RootedCON in Madrid. Turns out that Espressif’s ESP32 chip has been hiding 29 secret commands that nobody was supposed to know about.
These aren’t just your garden-variety hidden features either. We’re talking about commands that let you write directly to the chip’s memory, spoof MAC addresses (hello, device impersonation!), and basically turn these tiny chips into a hacker’s personal playground.
For example, these commands could potentially allow attackers to:
- Turn compromised devices into permanent spy stations
- Pivot attacks across networks
- Plant malware that survives factory resets
- Impersonate trusted devices
Espressif, the chip’s manufacturer, hasn’t commented yet on why these commands exist or whether they’re intentional developer tools that weren’t supposed to see the light of day.
How Bad Is It, Really?
Here’s the thing: according to market research, these chips are in billions of devices, making a big portion potentially vulnerable.
The good news? You probably don’t need to throw your smart home setup into the nearest volcano just yet.
Security experts note that exploiting these commands typically requires physical access to the device or some serious prior compromise.
So unless you’ve got a particularly motivated adversary who’s already breached your defenses, you’re probably not their first target.
What Now?
While we wait for Espressif to explain why their chips have more hidden features than a PlayStation 2 game, the practical advice remains pretty straightforward.
You have to keep your devices updated, don’t let strangers physically mess with your smart gadgets, and maybe think twice about connecting your toaster to the internet.
And hey, at least now we know why our smart devices sometimes seem to have a mind of their own. Maybe they’ve just been listening to commands we didn’t know existed.
What are your thoughts on these secret commands? Do you think manufacturers should be more transparent about the features of their devices? Share your opinions in the comments below.
Follow us on Flipboard, Google News, or Apple News
