177
Undocumented "backdoor" found in Bluetooth chip used by a billion devices
(www.bleepingcomputer.com)
this post was submitted on 08 Mar 2025
177 points (88.3% liked)
Privacy
35219 readers
420 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What is this article on about?
Here's the actual presentation: https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/
I don't speak Spanish and only have the slides to go off of, but this doesn't sound like a "backdoor". ~~This sounds like they found the commands for regulatory testing. To do emissions testing you need to be able to make the device transmit on command so that your testing house can verify you're within legal limits on everything.~~
~~These are commands that can be given over USB. You know what else you can do over USB? Fucking anything, these chips have a JTAG USB device. (Now, if these are commands that can't be turned off, that would be kinda bad, I guess? But still not really a super big problem. And I don't see anything that implies that in the slides.)~~
[Edit: It's not even that this is a "backdoor" in an internal peripheral interface. I think the "backdoor" is if you have software that exposes that interface somehow? Like you're running an example that blindly copies stuff from an external UART to this interface? Like I think that's it?]
The tone I get from the slides is more "hey we found this cool tool for doing Bluetooth stuff that doesn't require writing embedded software". Which, cool. But that's sure not the point this article is trying to make.
The discoverers themselves refer to it as a backdoor, so frankly I don't know what you're on about accusing this article of misrepresenting their findings.
Please correct if inaccurate, but I don't see in that article where the folks at Espressif refer to it as a backdoor, only the security company. This seems to me as though it is no more vulnerable than any other device which can be compromised by physical access, which is most of devices. The vulnerability really looks to be more in the ability to pivot to other devices remotely after one has been compromised physically, which isn't ideal, but still doesn't seem to me to be any less secure than most other devices.
I mean, if it were a backdoor, the one thing you can be sure of is that the people who put it there wouldn't be calling it a backdoor, ever.
Though, I think it's worth pointing out that the while the security company's blog calls whatever it is a "backdoor", "backdoor" (nor "puerta" (though, I have no idea if that would be translated literally or to something else)) doesn't appear in the the slides. So I'm going to lay that one at the marketing people trying to drum it up into something more impressive than it really is.