I don’t speak Spanish and only have the slides to go off of, but this doesn’t sound like a “backdoor”. This sounds like they found the commands for regulatory testing. To do emissions testing you need to be able to make the device transmit on command so that your testing house can verify you’re within legal limits on everything.
These are commands that can be given over USB. You know what else you can do over USB? Fucking anything, these chips have a JTAG USB device. (Now, if these are commands that can’t be turned off, that would be kinda bad, I guess? But still not really a super big problem. And I don’t see anything that implies that in the slides.)
The tone I get from the slides is more “hey we found this cool tool for doing Bluetooth stuff that doesn’t require writing embedded software”. Which, cool. But that’s sure not the point this article is trying to make.
The discoverers themselves refer to it as a backdoor, so frankly I don’t know what you’re on about accusing this article of misrepresenting their findings.
Please correct if inaccurate, but I don’t see in that article where the folks at Espressif refer to it as a backdoor, only the security company. This seems to me as though it is no more vulnerable than any other device which can be compromised by physical access, which is most of devices. The vulnerability really looks to be more in the ability to pivot to other devices remotely after one has been compromised physically, which isn’t ideal, but still doesn’t seem to me to be any less secure than most other devices.
What is this article on about?
Here’s the actual presentation: https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/
I don’t speak Spanish and only have the slides to go off of, but this doesn’t sound like a “backdoor”. This sounds like they found the commands for regulatory testing. To do emissions testing you need to be able to make the device transmit on command so that your testing house can verify you’re within legal limits on everything.
These are commands that can be given over USB. You know what else you can do over USB? Fucking anything, these chips have a JTAG USB device. (Now, if these are commands that can’t be turned off, that would be kinda bad, I guess? But still not really a super big problem. And I don’t see anything that implies that in the slides.)
The tone I get from the slides is more “hey we found this cool tool for doing Bluetooth stuff that doesn’t require writing embedded software”. Which, cool. But that’s sure not the point this article is trying to make.
The discoverers themselves refer to it as a backdoor, so frankly I don’t know what you’re on about accusing this article of misrepresenting their findings.
Please correct if inaccurate, but I don’t see in that article where the folks at Espressif refer to it as a backdoor, only the security company. This seems to me as though it is no more vulnerable than any other device which can be compromised by physical access, which is most of devices. The vulnerability really looks to be more in the ability to pivot to other devices remotely after one has been compromised physically, which isn’t ideal, but still doesn’t seem to me to be any less secure than most other devices.