
Ripple CTO Reacts to Vulnerability Affecting Billion Devices


David Schwartz, chief technology officer at enterprise blockchain company Ripple, has already commented on a recently discovered Bluetooth vulnerability affecting close to a billion devices.

“Not good,” the architect behind the XRP Ledger said in a recent social media post.

Earlier this week, Tarlogic, a Spanish company specializing in cybersecurity, revealed that it had discovered a backdoor in the widely used ESP32 microcontroller.

The low-cost chip, which can be purchased for roughly $2, can be found in the “vast majority of Bluetooth IoT devices,” according to Tarlogic. Examples of such devices include smart watches, smart locks, LED controllers, fitness trackers, IoT-enabled speakers and security cameras.

However, it turns out that the chip can be infected with malicious code due to the presence of hidden commands. Tarlogic discovered a total of 29 commands that had not been documented before.

This undocumented backdoor could potentially allow bad actors to gain access to devices using the ESP32 chip even if they are offline. Their motives could range from stealing sensitive personal data to spying.

That said, some commentators have questioned whether undocumented commands can actually qualify as a backdoor.

Espressif, the Chinese semiconductor company behind the chip, has yet to comment on the recent finding. Moreover, it appears that there is no easy solution to this problem that does not involve replacing all hardware.

Last year, Schwartz also warned about a Windows vulnerability that made it possible for attackers to run arbitrary code within Wi-Fi range.

