@nelson There's a news story about "undocumented backdoor found in Bluetooth chip used by a billion devices" which turns out to be bunch of undocumented debugging commands accessible over HCI interface as implemented by the binary blob that's used to interface with ESP32's Bluetooth peripheral.

Which is a bad news for you if you exposed that HCI interface into untrusted contexts for some reason, I guess? Otherwise this development is actually empowering the users.

@dos I see. But anyone could use what was discovered against the ESP 32. Right?

@nelson Define "against".

The binary blob has features that let you do more than the official API does.

If your code exposes these capabilities outside, you're in for a nasty surprise, as you may have not factored these capabilities into your threat model. Otherwise - nothing changes; there are features there that you never used cause you didn't know about them, and they still remain unused in your code.

But now that you know about them, you may want to use them creatively in your projects :)

@nelson Worth adding that the same thing could have been achieved by writing a free replacement for the blob, like it's already happening for ESP32's Wi-Fi: https://esp32-open-mac.be/

@dos What I am wondering is: Can a device that uses the undocumented features harm one that does not?

@nelson If you use these to exploit other devices, then sure - just like you can with monitor mode and packet injection on a Wi-Fi card that allows you to do it.

Of course you could always use other tools to do the same thing, but probably not as cheap as ESP32.