Massive ESP32 Chip Flaw: Undocumented Backdoor Found in Over 1 Billion Devices
2025-03-08
Researchers have uncovered a critical vulnerability in the widely used ESP32 microchip, affecting over a billion devices. 29 undocumented commands act as a backdoor, enabling attackers to spoof trusted devices, access data without authorization, pivot to other network devices, and establish persistent access. This vulnerability poses significant risks to IoT security, particularly when combined with existing root access or malicious firmware. The discovery, made by Tarlogic Security using a newly developed cross-platform Bluetooth driver, highlights the importance of comprehensive security testing in widely deployed hardware. Espressif, the manufacturer, has yet to publicly comment.