Comment by huang_chung
1 month ago
> In theory, the attacker could then use the undocumented commands to scan, spoof, or otherwise attack any near by bluetooth devices.
So? Device is 0wned. Did you think Bluetooth chip is magic protection device for rest of the network?
How would you stop physical external actor? Do you have "No ESP32 permitted on this property" signs on windows?
I'm not arguing that this is a big f'in deal. Seems like it's not much of a deal at all actually.