Undocumented commands found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.
The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.
"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.
"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."
The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk is significant.
Source: BleepingComputer