Tarlogic Security has discovered hidden features in the ESP32 chip, a microcontroller produced by the Chinese company Espressif and used in millions of IoT devices for Wi-Fi and Bluetooth connectivity. The discovery, presented at the RootedCON conference, reveals commands not documented by the manufacturer that could potentially be exploited as a backdoor for impersonation attacks and permanent infections.
Exploiting this hidden functionality could compromise the security of sensitive devices such as cell phones, computers, smart locks and medical equipment, allowing malicious actors to bypass code audit checks. The potential impact includes identity theft, access to confidential information and espionage against citizens and companies.
Espressif promptly acknowledged the presence of the discovered commands, but stressed that these are internal features that cannot be used remotely, and has announced measures to mitigate the potential risk.
The discovery of the hidden commands is the result of an in-depth analysis conducted using the BSAM methodology, developed by Tarlogic. The proprietary commands found in the ESP32 chip allow operations such as reading and modifying the controller memory, offering a potential vector for supply chain attacks and for concealing backdoors.
The ESP32 microcontroller, developed by Espressif Systems, is widely used in modern electronic devices thanks to its ability to support Wi-Fi and Bluetooth connections. This versatility makes it particularly suitable for IoT (Internet of Things) devices, which require constant and reliable wireless connectivity to function effectively.
Among the various environments in which the ESP32 is used, smart home devices stand out. Bulbs, sockets, thermostats, locks and security cameras are just some examples of how this chip makes homes more connected and easily manageable via smartphone or voice commands.
The wearable sector also benefits significantly from the ESP32. Smartwatches and fitness trackers use this microcontroller to monitor users' daily activities and synchronize them with their mobile devices, thus guaranteeing a continuous flow of personal data relevant to health and fitness.
In the industrial field, the ESP32 is essential for sensors and control systems that require reliable and long-term connections, thus supporting automation and operational efficiency in various industrial applications. Finally, for electronics enthusiasts and makers, the ESP32 opens up endless possibilities in do-it-yourself projects. Whether it's home automation, robotics or the development of environmental sensors, the chip offers a robust and versatile platform on which to experiment and innovate.