Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices
www.tarlogic.com
Tarlogic presents research revealing undocumented commands in the ESP32 microchip, present in millions of smart devices with Bluetooth
Source Link Privacy.

Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 “backdoor” that wasn’t.

  • 60d@lemmy.caEnglish
    37·
    16 hours ago

    The ESP32 chip, developed by Espressif Systems, is widely used in various IoT (Internet of Things), embedded systems, and consumer electronics due to its low power consumption, built-in Wi-Fi & Bluetooth, and high processing capability.

    Devices That Use the ESP32 Chip

    1. Development Boards & Microcontrollers

    ESP32 DevKit series (official Espressif boards)

    M5Stack and M5Stick series

    Adafruit HUZZAH32

    SparkFun ESP32 Thing

    LilyGO T-Series (T-Display, T-SIM, T-Watch, etc.)

    WEMOS Lolin D32/D32 Pro

    1. Smart Home & IoT Devices

    Sonoff Smart Switches and Plugs (e.g., Sonoff Mini R3, Sonoff S31)

    Shelly Smart Relays (e.g., Shelly 1, Shelly 2.5)

    Tuya-Based Smart Devices (many smart home products use Tuya firmware on ESP32)

    Air quality monitors (e.g., AirGradient open-source air sensors)

    IoT Sensor Hubs (various DIY and commercial solutions)

    1. Wearables & Portable Devices

    TTGO T-Watch (ESP32-based smartwatch)

    Heltec WiFi Kit Series (LoRa-enabled IoT devices)

    Fitness trackers (some DIY and prototype models)

    1. Robotics & DIY Electronics

    ESP32-CAM (ESP32-based camera module)

    DIY drones & robots (used in hobbyist and educational robotics)

    3D Printer controllers (e.g., ESP32-based Klipper controllers)

    1. Industrial & Commercial Products

    ESP32-based vending machines (wireless payment systems)

    Smart irrigation controllers

    Energy monitoring devices (e.g., OpenEnergyMonitor)

    Smart locks & security systems

    1. Audio & Multimedia Devices

    ESP32-based web radios

    DIY Bluetooth speakers

    Smart light controllers with voice assistants

    Why Is ESP32 Popular?

    ✔ Low-cost & powerful (dual-core, Wi-Fi, Bluetooth) ✔ Great for DIY & commercial IoT applications ✔ Strong developer community & open-source support ✔ Compatible with Arduino, MicroPython, ESP-IDF, etc.

      • 60d@lemmy.caEnglish
        13·
        15 hours ago

        I wonder which IoT devices are affected, beyond DIY, that people actually use in North America.

        • sem@lemmy.blahaj.zoneEnglish
          1·
          4 hours ago

          I have a cheap wireless hygrometer in the house… I don’t know which chip gives it its capability. I just know ESP32 is the most common one.