Skip to content
- A newly discovered Bluetooth vulnerability in ESP32 chips may impact nearly a billion devices worldwide.
- Experts warn that hidden backdoor commands in ESP32 chips could allow hackers to access offline IoT devices.
- Ripple CTO David Schwartz reacts to the ESP32 chip security flaw, calling it a serious concern for connected devices.
ESP32 microcontrollers have exposed an unidentified Bluetooth bug, leading researchers to fear the impact on about one billion device users. Ripple Chief Technology Officer David Schwartz shared his concerns about the matter through social media platform posts when he declared it a “not good” situation.
The Spanish cybersecurity company Tarlogic discovered that ESP32 chips include 29 undocumented commands that could function as remains of a hidden backdoor. The secret commands provide hackers with the ability to execute malicious code installations against devices that are disconnected from the internet. Various IoT devices implement the ESP32 chip to function as smartwatches alongside smart locks, LED controllers, fitness trackers, and security cameras.
Hidden Backdoor Raises Security Alarms
This vulnerability gives unauthorized access to all ESP32 chip-enabled devices, thus enabling attackers to exploit these devices for malicious actions. The security flaw allows cybercriminals to access user data and perform actions, including monitoring device users or controlling linked devices. Because this chip has numerous applications throughout the market, its overall destructive potential is significant.
Tarlogic’s report states that the issue lies in hidden commands embedded within the chip’s firmware. The undocumented commands remained unknown to manufacturing enterprises and cybersecurity field experts until their discovery. Expert opinions now examine the nature of these commands by debating whether they represent an intentional security vulnerability or a product design oversight.
Espressif, which produces ESP32 chips, remains silent about the serious product problem despite no official announcements from the Chinese semiconductor company. The repair of this problem appears to be complex since it would necessitate changing hardware components according to industry sector analysis. Physical components contain this security flaw, which makes remote software vulnerability patching impossible, and such repairs pose significant challenges.
Schwartz made public declarations about security vulnerabilities last year when he highlighted how Windows users faced coding threats through Wi-Fi connections. The cybersecurity community continues to discuss matters because of Schwartz’s recent comments regarding the ESP32 vulnerability.
Security researchers now advise manufacturers to tackle this problem while developing potential defense strategies because of rising security concerns. Users who operate affected devices must practice caution while waiting for security updates from their manufacturers.
Also Read: Ripple CTO Confirms Ongoing XRP Sales to Fund Company Operations
