Attackers can use undocumented commands to hijack Chinese-made Bluetooth chips
Security researchers have shared details of newly discovered, undocumented commands in ESP32 Bluetooth firmware that can be exploited by an attacker. The Chinese-made chip is found in millions of devices, meaning the findings are significant.
Speaking at RootedCON in Madrid, researchers from Tarlogic Security, Miguel Tarascó Acuña and Antonio Vázquez Blanco, described the “hidden functionality” they have unearthed as a backdoor, but later conceded that this may be a misleading description. They warn that exploitation could allow “hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls”.