Comment by noodlesUK
1 month ago
EDIT: My Spanish isn't very good, but reading the slides, it doesn't sound like the vulnerability is likely to be remotely exploitable; it sounds like it's only an issue if the chip is in HCI mode and being used as a Bluetooth adapter. If someone who speaks Spanish could confirm, I would be very appreciative.
With ESP32, always regard the vendor firmware only as proof of electrical functioning. The first thing you should do with any ESP32 device after a basic function test is to install ESPHome on it. If that's not possible, buy something different, where you can replace the vendor firmware.
Oh, I completely agree for IoT devices. When I was first reading the article, I feared that the issue was something burned into the Bluetooth radio binary blob, or something at the hardware level where it would not have mattered whether you were running ESPHome or not. Upon a little deeper inspection, it doesn't sound like that's the case.
Espressif chips such as the ESP32 family are used for so many more applications than just smart home devices, which ESPHome targets.
e.g., it doesn't make sense to install ESPHome on an ESP32-based drone :)