



  • I don’t think this is a backdoor. At the moment I wouldn’t consider this article any more than FUD.

    It’s unclear to me if the security company has actually said what the vuln is or not, but if it’s what was presented in the slides linked in the article this is at worst something that can be “attacked” from a computer connected via USB (and I’m pretty sure it would also require special software already on the ESP32), where the attack is sending out possibly invalid bluetooth messages to try to attack other devices or flashing new firmware to the ESP itself. It’s not a general “backdoor” in the ESP32 itself. At least that’s the best interpretation I’ve been able to make. Happy to be corrected if anyone finds more info.


  • What is this article on about?

    Here’s the actual presentation: https://www.documentcloud.org/documents/25554812-2025-rootedcon-bluetoothtools/

    I don’t speak Spanish and only have the slides to go off of, but this doesn’t sound like a “backdoor”. This sounds like they found the commands for regulatory testing. To do emissions testing you need to be able to make the device transmit on command so that your testing house can verify you’re within legal limits on everything.

    These are commands that can be given over USB. You know what else you can do over USB? Fucking anything, these chips have a JTAG USB device. (Now, if these are commands that can’t be turned off, that would be kinda bad, I guess? But still not really a super big problem. And I don’t see anything that implies that in the slides.)

    The tone I get from the slides is more “hey we found this cool tool for doing Bluetooth stuff that doesn’t require writing embedded software”. Which, cool. But that’s sure not the point this article is trying to make.



  • Hey, this might be something I’m interested in, but I’m not sure because there aren’t many details in your readme.

    Some questions I’d suggest you answer in the readme:

    [Edit: after looking through the code quickly, some of my questions probably don’t make sense because this seems to be an alerting style monitoring tool, not an observability style monitoring tool. Answering my own questions for others that are curious:]

    What does it monitor?

    [Disk space and CPU use]

    What is the interface? Web? It does compare itself to Grafana, so maybe. TUI? Maybe that’s what makes it more lightweight?

    [It doesn’t have one, it sends Telegram messages when alarm thresholds(?) are hit.]

    Does it only work on Debian? If not, are there deps that are required that are installed as dependencies of the deb?

    [Dunno still.]

    Is there history or is it real time only?

    [Realtime only, well I guess there’s the Telegram history.]

    What does it look like? (Honestly, a screenshot could possibly answer most of these questions and a whole lot more.)

    [It doesn’t look like anything. There’s no screenshot because there’s nothing to screenshot.]