This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
  • Darkassassin07@lemmy.caEnglish
    1524·
    21 hours ago

    Potato, potato…

    Whether we call them ‘undocumented commands’ or a ‘backdoor’, the affect is more or less the same; a series of high-level commands not listed within the specs, preventing systems engineers/designers from planning around vulnerabilities and their potential for malicious use.

    • futatorius@lemm.eeEnglish
      74·
      19 hours ago

      In that case, every stack that you use is riddled with those and we are all hosed. And yet somehow your computer, your phone and the internet keep on working most of the time.

    • ShadowRam@fedia.io
      531·
      21 hours ago

      The dude that wrote this blog is a goof…

      defines backdoor as “relating to something that is done secretly

      effectively constitute a “private API”, and a company’s choice to not publicly document their private API

      Idiot thinks these are two different things…

      Are they are trying to argue that malicious intent is needed to define it as a back door?

      Moron…

      • FanBlade@lemmynsfw.comEnglish
        101·
        18 hours ago

        You’re very smart. I didn’t realize that until you called someone a goof, idiot and moron, but now it’s very clear that you have far superior intelligence.