This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
  • Godort@lemm.eeEnglish
    1·
    11 days ago

    I mean, this doesn’t really change anything from a practical perspective. It just highlights that the verbage in the press release was alarmist.

    It’s still a security concern that most users will be unaware of.

  • Darkassassin07@lemmy.caEnglish
    0·
    11 days ago

    Potato, potato…

    Whether we call them ‘undocumented commands’ or a ‘backdoor’, the affect is more or less the same; a series of high-level commands not listed within the specs, preventing systems engineers/designers from planning around vulnerabilities and their potential for malicious use.

    • ShadowRam@fedia.io
      0·
      11 days ago

      The dude that wrote this blog is a goof…

      defines backdoor as “relating to something that is done secretly

      effectively constitute a “private API”, and a company’s choice to not publicly document their private API

      Idiot thinks these are two different things…

      Are they are trying to argue that malicious intent is needed to define it as a back door?

      Moron…

      • FanBlade@lemmynsfw.comEnglish
        1·
        10 days ago

        You’re very smart. I didn’t realize that until you called someone a goof, idiot and moron, but now it’s very clear that you have far superior intelligence.