i don't think i'd just call that a "backdoor". i think i'd call that a full-on debugger interface. in Bluetooth. in the open.

whoops.

infosec.exchange/@mttaggart/11

@millihertz yeah, I got real concerned at the headline since my job is built around ESP32s, but this seems like nothing.

In summary, someone could overwrite the firmware in your widget over Bluetooth and from there overwrite firmware in any ESP32 that comes nearby.

I guess it might bypass flash encryption so you can dump keys or whatever, but still, not an earth-shattering revelation.


@rolenthedeep @millihertz Not even over Bluetooth, but over Bluetooth's HCI, so actually over UART, and only if you happen to expose HCI there...

@dos @millihertz Huh, I wonder if they were trying to implement JTAG/OCD over HCI. That could have been *super* useful for certain applications.

Librem Social