Dataconomy

ESP32 backdoor exposed: Security threat or just overblown hype

Espressif has not clarified if this was an error or a deliberate inclusion

by Kerem Gülen
March 11, 2025
in Cybersecurity, News

Espressif’s popular ESP32 microchip, which is embedded in over a billion devices, has been found to contain an undocumented “backdoor” in its Bluetooth firmware. The finding was presented by Spanish researchers from Tarlogic Security at RootedCON in Madrid.

The ESP32 is a low-cost, low-power system-on-chip (SoC) highly regarded for its Wi-Fi and Bluetooth capabilities, making it suitable for Internet of Things (IoT) and embedded systems. Tarlogic’s findings indicate that the ESP32’s hidden commands enable attackers to spoof trusted devices, access sensitive information, pivot through networks, and establish persistent malware infections, affecting a broad range of devices from smart locks to medical equipment.

During their investigation, Tarlogic uncovered 29 secret vendor-specific commands in the ESP32’s Bluetooth firmware. These commands permit low-level memory manipulation, MAC address spoofing, and packet injection. Accessed through Opcode 0x3F, these functions provide attackers with raw control over Bluetooth traffic, circumventing standard operating system security measures.
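For defenders auditing host-to-controller traffic, the sketch below (an added example, not code from Tarlogic, Espressif or the article) decodes HCI command opcodes and flags the ones in the vendor-specific group: in the Bluetooth Core Specification the 16-bit opcode carries a 6-bit opcode group field (OGF) and a 10-bit command field (OCF), and OGF 0x3F is the group reserved for vendor-specific commands. It assumes the traffic was captured in H4 (UART) framing; the sample bytes and the OCF values in them are constructed placeholders, not the ESP32's actual commands.

```python
import struct

VENDOR_OGF = 0x3F  # opcode group reserved for vendor-specific commands
# H4 packet indicator -> (header size after the indicator, format of its length field)
H4_HEADERS = {
    0x01: (3, "<xxB"),  # command: opcode(2) + parameter length(1)
    0x02: (4, "<xxH"),  # ACL data: handle/flags(2) + data length(2)
    0x04: (2, "<xB"),   # event: event code(1) + parameter length(1)
}

def split_opcode(opcode):
    """Split a 16-bit HCI opcode into (OGF, OCF): upper 6 bits, lower 10 bits."""
    return opcode >> 10, opcode & 0x03FF

def iter_h4_packets(stream):
    """Yield (packet_type, header, payload); reject unknown or truncated packets."""
    pos = 0
    while pos < len(stream):
        ptype = stream[pos]
        if ptype not in H4_HEADERS:
            raise ValueError(f"unsupported H4 packet type 0x{ptype:02X} at offset {pos}")
        hdr_size, fmt = H4_HEADERS[ptype]
        header = stream[pos + 1 : pos + 1 + hdr_size]
        if len(header) < hdr_size:
            raise ValueError(f"truncated header at offset {pos}")
        end = pos + 1 + hdr_size + struct.unpack(fmt, header)[0]
        if end > len(stream):
            raise ValueError(f"truncated payload at offset {pos}")
        yield ptype, header, stream[pos + 1 + hdr_size : end]
        pos = end

def find_vendor_commands(stream):
    """Return (opcode, OCF, parameters) for every host command with OGF 0x3F."""
    hits = []
    for ptype, header, payload in iter_h4_packets(stream):
        if ptype == 0x01:
            opcode = struct.unpack_from("<H", header)[0]  # little-endian on the wire
            ogf, ocf = split_opcode(opcode)
            if ogf == VENDOR_OGF:
                hits.append((opcode, ocf, payload))
    return hits

# Constructed capture; the vendor OCFs are placeholders, not real ESP32 commands.
SAMPLE = bytes.fromhex(
    "01030c00"        # HCI_Reset (OGF 0x03, OCF 0x003)
    "040e0401030c00"  # Command Complete event for HCI_Reset
    "0101fc02aabb"    # constructed vendor command, OCF 0x001, 2 parameter bytes
    "0155fd00"        # constructed vendor command, OCF 0x155, no parameters
)
```

Because every vendor's controller uses this same group, a hit only says that a vendor command was issued; deciding whether it is expected requires the vendor's own documentation for that OCF.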

Espressif has not clarified if this was an error or a deliberate inclusion. This uncertainty raises concerns among security professionals regarding the vulnerability of IoT devices utilizing the ESP32 and whether firmware updates can mitigate the potential risks.

However, some analysts, including Xeno Kovah, argue that the characterization of this issue as a “backdoor” is exaggerated. Kovah states that the identified vendor-specific commands (VSCs) are standard features in Bluetooth controllers, with each manufacturer implementing these features as part of their software development kits (SDKs). These VSCs facilitate firmware updates and provide debugging capabilities, and they are generally documented, although some companies like Broadcom do not fully disclose them.

Following this feedback, Tarlogic amended their report, opting to refer to the VSCs as “hidden features” rather than a backdoor. Kovah also points out that the presence of similar VSCs in numerous Bluetooth controllers from other companies like Texas Instruments and Broadcom suggests a wider security concern if these VSCs are recognized as vulnerabilities.


Featured image credit: Espressif