Have they said that recently? The only definitive comment I remember from them was something along the lines "definitely not in the next 2-3 years" around launch, which was 3 years ago.
Not saying that means I "expect" it's happening, just curious if you know of anything more recent that says its not happening.
It's not even over USB by default. It's an internal binary driver API. The USB part is a custom firmware for the ESP that exposes that api via USB that the people giving the talk wrote because it's useful for pentesting / development of exploits for other Bluetooth devices.
Yep, I'm seeing it now too. 👍
I know this website seems sketchy/scammy AF, but I found that these actually do a good job dimming the LEDs to reasonable levels, but keeping them visible.
https://www.lightdims.com/store.htm
I imagine (mostly because of all the "patent pending" bs) that this is a film you just just buy from somewhere else way cheaper, I just don't know what it is.
Idea Not Found
Tried creationg an account and still don't see it.
Maybe we can find out for sure through the magic of the fediverse...
@[email protected] Is the "backdoor" mentioned in https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ about what you shared in your RootedCON talk? If so, how worried should people using devices containing ESP32s be?
I don't think is is a backdoor. At the moment I wouldn't consider this article any more than FUD.
It's unclear to me if the security company has actually said what the vuln is or not, but if it's what was presented in the slides linked in the article this is at worst something that can be "attacked" from a computer connected via USB (and I'm pretty sure it would also require special software already on the ESP32), where the attack is sending out possibly invalid bluetooth messages to try to attack other devices or flashing new firmware to the ESP itself. It's not a general "backdoor" in the ESP32 itself. At least that's the best interpretation I've been able to make. Happy to be corrected if anyone finds more info.
I mean, if it were a backdoor, the one thing you can be sure of is that the people who put it there wouldn't be calling it a backdoor, ever.
Though, I think it's worth pointing out that the while the security company's blog calls whatever it is a "backdoor", "backdoor" (nor "puerta" (though, I have no idea if that would be translated literally or to something else)) doesn't appear in the the slides. So I'm going to lay that one at the marketing people trying to drum it up into something more impressive than it really is.
Huh, that is interesting. Though, that post doesn't seem to have any info about what the backdoor is either.
Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. [...] This discovery is part of the ongoing research carried out by the Innovation Department of Tarlogic on the Bluetooth standard. Thus, the company has also presented at RootedCON, the world’s largest Spanish-language cybersecurity conference, BluetoothUSB, a free tool that enables the development of tests for Bluetooth security audits regardless of the operating system of the devices. [Emphasis mine.]
Maybe the presentation has nothing to do with the actual backdoor?
Though, this part later might seem to imply they are related:
In the course of the investigation, a backdoor was discovered in the ESP32 chip, [...] Tarlogic has detected that ESP32 chips [...] have hidden commands not documented by the manufacturer. These commands would allow modifying the chips arbitrarily to unlock additional functionalities, [...].
Which, best I can work out, seems to be talking about the information on slide titled "COMANDOS OCULTOS" (page 39 / "41").
If the "backdoor" is the couple of commands in red on that slide, I maintain what I said above. If it's not talking about that and there's another "backdoor" that they haven't described yet, well, then ¯\_(ツ)_/¯ we'll see what it is when they actually announce it.
I fully acknowledge there may be something I'm missing. If there's a real vuln/backdoor here, I'm sure we'll hear more about it.
Fry and the Slurm Factory