I know this website seems sketchy/scammy AF, but I found that these actually do a good job dimming the LEDs to reasonable levels, but keeping them visible.

https://www.lightdims.com/store.htm

I imagine (mostly because of all the “patent pending” bs) that this is a film you just just buy from somewhere else way cheaper, I just don’t know what it is.

I don’t think is is a backdoor. At the moment I wouldn’t consider this article any more than FUD.

It’s unclear to me if the security company has actually said what the vuln is or not, but if it’s what was presented in the slides linked in the article this is at worst something that can be “attacked” from a computer connected via USB (and I’m pretty sure it would also require special software already on the ESP32), where the attack is sending out possibly invalid bluetooth messages to try to attack other devices or flashing new firmware to the ESP itself. It’s not a general “backdoor” in the ESP32 itself. At least that’s the best interpretation I’ve been able to make. Happy to be corrected if anyone finds more info.