The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks.
These hidden commands enable threat actors to spoof trusted devices, gain unauthorized access to sensitive data, pivot within a network, and establish persistent control over affected systems.
Spanish cybersecurity experts Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security uncovered these vulnerabilities and presented their findings at RootedCON in Madrid.
“Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices,” the company stated in an announcement shared with BleepingComputer.
“Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks, or medical equipment by bypassing code audit controls.”
The researchers highlighted that ESP32 is one of the most commonly used chips for Wi-Fi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: