jiska: We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework: github.com/seemoo-lab/internalblue

See full post

jiska handle.invalid · Mar 9, 2025
Tarlogic found a "backdoor" im the ESP32 chips: bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices  Broadcom & Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches.
Undocumented commands found in Bluetooth chip used by a billion devices

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.

bleepingcomputer.com

View on Bluesky Show all post labels
jiska handle.invalid
We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework: github.com/seemoo-lab/internalblue
GitHub - seemoo-lab/internalblue: Bluetooth experimentation framework for Broadcom and Cypress chips.

Bluetooth experimentation framework for Broadcom and Cypress chips. - seemoo-lab/internalblue

github.com
Mar 9, 2025 12:39
0 reposts 0 quotes 0 likes

View on Bluesky Show all post labels
jiska handle.invalid · Mar 9, 2025
Firmware memory access through HCI was never considered a threat, since an attacker requires at least code execution in the Bluetooth daemon/driver for getting code execution in the Bluetooth firmware.

View on Bluesky Show all post labels
jiska handle.invalid · Mar 9, 2025
This threat model changed slightly when we showed further privilege escalation, in particular code execution in the WiFi firmware via Bluetooth. Now, this interface is only available until Bluetooth firmware patches were applied at driver/daemon initialization.  arxiv.org/pdf/2112.05719
https://arxiv.org/pdf/2112.05719

arxiv.org

View on Bluesky Show all post labels

An unhandled error has occurred. Reload 🗙