This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
  • Darkassassin07@lemmy.ca
    English
    411·
    4 months ago

    Potato, potato…

    Whether we call them ‘undocumented commands’ or a ‘backdoor’, the affect is more or less the same; a series of high-level commands not listed within the specs, preventing systems engineers/designers from planning around vulnerabilities and their potential for malicious use.

    • SharkAttak@kbin.melroy.org
      13·
      4 months ago

      I don’t get the downvotes, wether you call it backdoor or private API it’s a security hole, and nitpicking on its name won’t help fixing it.

    • ShadowRam@fedia.io
      318·
      4 months ago

      The dude that wrote this blog is a goof…

      defines backdoor as “relating to something that is done secretly

      effectively constitute a “private API”, and a company’s choice to not publicly document their private API

      Idiot thinks these are two different things…

      Are they are trying to argue that malicious intent is needed to define it as a back door?

      Moron…

      • FanBlade@lemmynsfw.comEnglish
        4·
        4 months ago

        You’re very smart. I didn’t realize that until you called someone a goof, idiot and moron, but now it’s very clear that you have far superior intelligence.