#espressif


🚨 BREAKING: Espressif's ESP32-C5 is rolling off the assembly line. Quick, everyone pretend you're excited about yet another microcontroller with an alphabet soup name 🤯🎉. Because, you know, the world was desperately lacking in unnecessary #acronyms and mind-numbing datasheets. 🙄🎈
espressif.com/en/news/ESP32-C5 #Espressif #ESP32C5 #Microcontrollers #TechNews #Gadgets #HackerNews #ngated

www.espressif.com: Espressif's ESP32-C5 is Now in Mass Production | Espressif Systems. Today, we are glad to announce that ESP32-C5 is now in mass production.

stripped the code to the bare minimum:
github.com/peturdainn/ESP32s3_

And now your ESP32s3 supports wakeup from deepsleep (and wakestub) using GPIO edge interrupt 🤷‍♂️

edit: updated the readme to explain what's different compared to examples floating around:
1) the ULP can go into halt and still trigger its ISR on the GPIO edge
2) the ULP can wakeup the main controller to its wakestub *and* go back to deep sleep

This is serious low power consumption business

GitHub: peturdainn/ESP32s3_ULP_wakestub_demo: Demo code for ESP32-s3 to use the ULP for edge based GPIO wakeup to start the wakestub

I've configured an interrupt on the ULP itself, and then, contrary to what examples and online code do, let it halt (quit).

The extra 70uA power consumption of the ULP that I had noticed is gone (well, within the limits of my meter), and the configured GPIO interrupt fired and woke up the main CPU.

Now, the main CPU only has level-based wakeup from deep sleep, but the ULP interrupt can be GPIO edge!!

One thing to fix: a second ULP int makes the wakestub quit (first is OK)

Security Week 2511: a questionable backdoor in Espressif's Bluetooth module

A notable piece of information security research last week was the work of Spanish researchers from Tarlogic. They discovered a set of undocumented commands in Espressif's ESP32 module, a popular SoC for implementing Wi-Fi and Bluetooth functionality in IoT devices. Initially (for example, in the news item on BleepingComputer and on Habr) this set of undocumented features was called a backdoor, citing Tarlogic's press release. Although the value of the Spanish experts' research itself is not in doubt, it was the word "backdoor" that sparked a rather curious discussion about trade secrets in popular devices and their relative danger. An excellent article on the subject was written by Xeno Kovah of Dark Mentor, formerly a developer at Apple who worked on, among other things, Bluetooth security. According to him, these undocumented commands still cannot be called a backdoor, but that does not mean that their existence in most popular Bluetooth modules is completely safe.

habr.com/ru/companies/kaspersk


Undocumented commands found in #Bluetooth chip used by a billion devices

The ubiquitous #ESP32 microchip made by Chinese manufacturer #Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for #attacks.

The undocumented commands allow #spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
#security #china

bleepingcomputer.com/news/secu

BleepingComputer · Undocumented commands found in Bluetooth chip used by a billion devices, by Bill Toulas

It's easy to get scared when headlines combine terms like "backdoor", "Bluetooth", and "a billion devices".

Should you be worried? No.

The "attack" for ESP32 chips in some Internet of Things devices is some undocumented commands that are likely to be for testing by the manufacturer, Espressif, in the factory. It cannot spread from one device to another like a virus/worm, and it takes a lot more than being within Bluetooth range -- it requires physical access to I/O pins on the chip itself or access to a USB port (if one is present). That's just the standard way to flash the firmware. It should go without saying that if a malicious person has physical access to the inside of your device then you may have more security concerns.

It's been fascinating to watch the propagation of fear and misinformation in a niche where I have dabbled enough to develop a bit of technical proficiency.

My interpretation of events is that Tarlogic Security is spreading panic to gain attention or notoriety.

Undocumented "backdoor" found in Bluetooth chip used by a billion devices:
bleepingcomputer.com/news/secu

NIST (National Institute of Standards and Technology) has a CVE:
nvd.nist.gov/vuln/detail/CVE-2

Edit to update:

Espressif’s Response to Claimed Backdoor and Undocumented Commands in ESP32 Bluetooth Stack
espressif.com/en/news/Response

BleepingComputer: Undocumented "backdoor" found in Bluetooth chip used by a billion devices. The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.