Comment by vlovich123

1 month ago

You’ve misread then:

> Armed with this new tool, which enables raw access to Bluetooth traffic, Targolic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

The exploit happens over Bluetooth. They used a USBC driver to explore the potential attack surface.

Shit like this is what happens when you don’t have good separation between functionality you give QA for production firmware & commands for factory firmware bringup. Almost certainly this is because the vendor used the same image for factory bringup & shipping to end users.

Nothing you quoted implies that there's an exploit that happens over Bluetooth. It actually implies otherwise, so you'll have to find a better quote if that's actually true (I couldn't, FWIW).

  • Not just that but it’s also not a USBC driver but a USB driver written in C. Everything about this was wrong. The original article is really upsetting because this just isn’t a big deal at all, at least given the current information.
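The design point raised above (factory bringup commands should not be reachable from the image shipped to end users) can be made concrete at the HCI command dispatcher. The following is an added example written for this thread; it is not code from the ESP32 firmware, from the article, or from any commenter. It assumes the standard Bluetooth HCI opcode layout (upper 6 bits OGF, lower 10 bits OCF, with OGF 0x3F reserved for vendor-specific commands) and a hypothetical `FACTORY_BUILD` compile-time switch; the packet bytes are constructed. Whether such commands are reachable over the air or only from the attached host is exactly what the thread disputes, and this gate sits at the controller's command entry point, so it applies to either path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* HCI command opcode layout: OGF in the upper 6 bits, OCF in the lower 10.
   OGF 0x3F is the vendor-specific group the article refers to. */
#define HCI_OGF_VENDOR 0x3F

static inline uint8_t  hci_ogf(uint16_t opcode)  { return (uint8_t)(opcode >> 10); }
static inline uint16_t hci_ocf(uint16_t opcode)  { return (uint16_t)(opcode & 0x03FF); }
static inline uint16_t hci_opcode(uint8_t ogf, uint16_t ocf) {
    return (uint16_t)(((uint16_t)ogf << 10) | (ocf & 0x03FF));
}

/* Hypothetical build switch: only factory bringup images define FACTORY_BUILD,
   so production images compile with the vendor group disabled. */
#ifdef FACTORY_BUILD
#define VENDOR_COMMANDS_ENABLED 1
#else
#define VENDOR_COMMANDS_ENABLED 0
#endif

typedef enum {
    HCI_ACCEPT = 0,
    HCI_REJECT_VENDOR_LOCKED,   /* OGF 0x3F refused in this image */
    HCI_REJECT_MALFORMED        /* length does not match the header */
} hci_verdict_t;

/* Counter a production image can expose for monitoring: every refused
   vendor command is a signal worth logging, whatever its source. */
static unsigned long g_vendor_rejects = 0;
unsigned long hci_vendor_reject_count(void) { return g_vendor_rejects; }

/* Gate one HCI command packet (opcode LE16, parameter length, parameters;
   the H4 packet-type byte is assumed to be stripped already). */
hci_verdict_t hci_gate_command(const uint8_t *pkt, size_t len, bool vendor_enabled) {
    if (pkt == NULL || len < 3) return HCI_REJECT_MALFORMED;
    uint16_t opcode = (uint16_t)(pkt[0] | ((uint16_t)pkt[1] << 8));
    uint8_t  plen   = pkt[2];
    if (len != (size_t)3 + plen) return HCI_REJECT_MALFORMED;
    if (hci_ogf(opcode) == HCI_OGF_VENDOR && !vendor_enabled) {
        g_vendor_rejects++;
        return HCI_REJECT_VENDOR_LOCKED;
    }
    return HCI_ACCEPT;
}

/* Convenience wrapper using the compile-time policy of this image. */
hci_verdict_t hci_gate_command_default(const uint8_t *pkt, size_t len) {
    return hci_gate_command(pkt, len, VENDOR_COMMANDS_ENABLED != 0);
}

int main(void) {
    /* Constructed packets: HCI_Reset (OGF 0x03, OCF 0x0003 -> 0x0C03) and a
       vendor command with OCF 0x001 (opcode 0xFC01) carrying two bytes. */
    const uint8_t reset_cmd[]  = { 0x03, 0x0C, 0x00 };
    const uint8_t vendor_cmd[] = { 0x01, 0xFC, 0x02, 0xAA, 0xBB };
    const uint8_t truncated[]  = { 0x01, 0xFC, 0x05, 0xAA };

    printf("reset   -> %d\n", hci_gate_command_default(reset_cmd, sizeof reset_cmd));
    printf("vendor  -> %d (image vendor_enabled=%d)\n",
           hci_gate_command_default(vendor_cmd, sizeof vendor_cmd), VENDOR_COMMANDS_ENABLED);
    printf("bad len -> %d\n", hci_gate_command_default(truncated, sizeof truncated));
    printf("vendor rejects so far: %lu\n", hci_vendor_reject_count());
    return 0;
}
```

The point of the split is that the production image never contains a code path that parses OGF 0x3F parameters at all, rather than hiding it behind an undocumented opcode; the reject counter gives operators something to alert on if such commands do arrive.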