- Tarlogic security researchers have found a hidden feature in the Bluetooth ESPC32 chip
- The affordable chip is in millions of national IoT devices worldwide
- The fault allowed the malicious actors to access the devices and sensitive data
A low -cost Bluetooth chip that would feed millions of Internet objects (IoT) in the world has a “hidden functionality” which allows those who know it, to perform arbitrary orders, to unlock additional features and even to extract sensitive information from the devices.
Tarlogic cybersecurity researchers said that ESPC32 chips, which allow connectivity via WiFi or Bluetooth, “have hidden commands not documented by the manufacturer”.
“These commands would make it possible to arbitrarily modify the chips to unlock additional features, to infect these chips with malicious code and even to carry out apparatus flight attacks,” they said.
Obtain confidential information
The ESP32 chip is built by a Chinese semiconductor company whose headquarters are in Shanghai, called espressive. It costs approximately $ 2 per unit and, according to the manufacturer, was sold a billion times in its creation at 2023.
Tarlogic says that its affordability is one of the main reasons why it is so commonly found in IoT Bluetooth devices for domestic use.
Tarlogic first described the results as a “stolen door”, but then went back on this terminology: “We would like to clarify that it is more appropriate to refer to the presence of HCI owners commands – which allow operations such as reading and modification of memory in the ESP32 controller – as” hidden characteristic “rather than” rear “, he said.
Stil, threat actors could use these orders to execute supply chain attacks, hide deadlines in the chipset or execute more sophisticated attacks, added Tarlogic. They could imitate the devices known to connect to mobile phones, computers and smart devices, even when they are in offline mode.
Tarlogic said that the objective is “to obtain confidential information stored on them, to have access to personal and commercial conversations and to spy on citizens and businesses”.
We have contacted espressive for a comment and update the article if we hear.
