Following the initial report, Xeno Kovah, a researcher at cybersecurity firm Dark Mentor, challenged the characterization of the ESP32 functionality as a “backdoor.” Kovah noted that the vendor-specific HCI commands found in the ESP32 are a common industry practice rather than a covert or maliciously designed access point. Similar functionalities exist in Bluetooth chips from Broadcom, Cypress, and Texas Instruments, where vendor-specific commands serve as a private API for debugging and firmware management.
Kovah emphasized that undocumented commands do not inherently constitute a security vulnerability unless they violate a specific security model. They further criticized the fear-mongering language in initial reports, stating that while the security risks of memory read/write capabilities should not be dismissed, calling them a backdoor was misleading. Tarlogic has since updated its report to reflect this distinction, replacing “backdoor” with “hidden feature.”
Important clarification here. Since these “hidden” features are relatively normal for debugging purposes, we can’t really call these commands a backdoor.
The real concern is whether these commands could be exploited through another vulnerability.
OK, so I was trying to look into self-hosted automation via Home Assistant and I guess I’ll just remove this whole category of it…
It’s a secret door then?
mellon?