This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
  • kubica@fedia.io
    21·
    23 hours ago

    Overall we at Dark Mentor do consider the use of VSCs granting the capability to read and write memory, flash, or registers to be bad security design. It’s bad design for Espressif the same as it’s bad design for Broadcom, Texas Instruments, and any other vendor that uses it. This issue is now being tracked as CVE-2025-27840.