Source Link Privacy.

Privacy test result

https://themarkup.org/blacklight?url=https%3A%2F%2Fwww.tarlogic.com%2Fnews%2Fbackdoor-esp32-chip-infect-ot-devices%2F&device=mobile&location=us-ca&force=false

Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices. Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls.

Update: The ESP32 “backdoor” that wasn’t.

  • notanapple@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    9 days ago

    We really should be pushing for fully open source stack (firmware, os) in all iot devices. They are not very complicated so this should be entirely possible. Probably will need a EU law though.

    • secret300@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 days ago

      I 100% believe firmware should be open source no question about it. There’s so many devices out there especially phones and iot devices that just become e-waste because you can’t do anything with it once it’s not supported if it was open source and documented in some way then it could be used. I have like five cheap phones that I got because they were so cheap but once they lost support they’ve become completely useless even though they still work.

      • Malfeasant@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        8 days ago

        But then big companies wouldn’t be able to keep milking the consumer via planned obsolescence. Won’t somebody think of the shareholders?

    • oldfart@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      9 days ago

      Open source stack will not prevent this. It’s not even a backdoor, it’s functionality that these researches think should be hidden from programmers for whatever reason.

      Open source devices would have this functionality readily available for programmers. Look at rtl-sdr, using the words of these researches, it has a “backdoor” where a TV dongle may be used to listen to garage key fobs gasp everyone panic now!