Published wolfSSL v5.8.0
Managed Component preview
for
#Espressif ESP-IDF
Published wolfSSL v5.8.0
Managed Component preview
for
#Espressif ESP-IDF
Don't know when I'll get the time, but I'm looking forward to put my hands on an ESP32-C5. https://www.espressif.com/en/news/ESP32-C5_Mass_Production
#esp32 #esp32c5 #espressif
BREAKING: Espressif's ESP32-C5 is rolling off the assembly line. Quick, everyone pretend you're excited about yet another microcontroller with an alphabet soup name
. Because, you know, the world was desperately lacking in unnecessary #acronyms and mind-numbing datasheets.
https://www.espressif.com/en/news/ESP32-C5_Mass_Production #Espressif #ESP32C5 #Microcontrollers #TechNews #Gadgets #HackerNews #ngated
Espressif's ESP32-C5 Is Now in Mass Production
https://www.espressif.com/en/news/ESP32-C5_Mass_Production
#HackerNews #Espressif #ESP32-C5 #MassProduction #IoT #Hardware #TechNews
stripped the code to the bare minimum:
https://github.com/peturdainn/ESP32s3_ULP_wakestub_demo
And now your ESP32s3 supports wakeup from deepsleep (and wakestub) using GPIO edge interrupt
edit: updated the readme to explain what's different compared to examples floating around:
1) the ULP can go into halt and still trigger its ISR on the GPIO edge
2) the ULP can wakeup the main controller to its wakestub *and* go back to deep sleep
This is serious low power consumption business
I've configured an interrupt on the ULP itself, and then, contrary to what examples and online code do, let it halt (quit).
The extra 70uA powerconsumption of the ULP that I had noticed is gone (well, within the limits of my meter), and the configured GPIO interrupt fired and woke up the main CPU.
Now, the main CPU only has level-based wakeup from deep sleep, but the ULP interrupt can be GPIO edge!!
One thing to fix: a second ULP int makes the wakestub quit (first is OK)
Security Week 2511: сомнительный бэкдор в Bluetooth-модуле Espressif
Примечательным исследованием в сфере информационной безопасности на прошлой неделе стала работа испанских исследователей из компании Tarlogic. Они обнаружили набор недокументированных команд в модуле ESP32 компании Espressif, популярном SoC для реализации функциональности Wi-Fi и Bluetooth в устройствах IoT. Первоначально (например, в новости на сайте BleepingComputer и на Хабре ) этот набор недокументированных фич назвали бэкдором, ссылаясь на пресс-релиз Tarlogic. Хотя ценность самого исследования экспертов из Испании не подвергается сомнению, именно слово «бэкдор» породило достаточно любопытную дискуссию на тему производственных секретов в популярных устройствах и их относительной опасности. Отличную статью по этому поводу написал Ксено Кова из компании Dark Mentor, в прошлом разработчик в Apple, занимавшийся в том числе безопасностью Bluetooth. По его словам, бэкдором эти недокументированные команды называть все же нельзя, но это не означает, что их существование в большинстве популярных Bluetooth-модулей полностью безопасно.
Undocumented commands found in #Bluetooth chip used by a billion devices
The ubiquitous #ESP32 microchip made by Chinese manufacturer #Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for #attacks.
The undocumented commands allow #spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
#security #china
Undocumented hidden feature found in #Espressif #ESP32 #microchip
https://securityaffairs.com/175102/hacking/undocumented-hidden-feature-espressif-esp32-microchip.html
#securityaffairs #hacking
Pessima notizia per chi ama la #domotica:
Un ricercatore spagnolo ha trovato 29 comandi non documentati nel microchip #esp32 (della azienda cinese
#espressif ), che potrebbero essere usati per infettare altri dispositivi della rete.
Fonte:
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
It's easy to get scared when headlines combine terms like "backdoor", "Bluetooth", and "a billion devices".
Should you be worried? No.
The "attack" for ESP32 chips in some Internet of Things devices is some undocumented commands that are likely to be for testing by the manufacturer, Espressif, the in the factory. It cannot spread from one device to another like a virus/worm, and it takes a lot more than being within Bluetooth range -- it requires physical access to I/O pins on the chip itself or access to a USB port (if one is present). That's just the standard way to flash the firmware. It should go without saying that if a malicious person has physical access to the inside of your device then you may have more security concerns.
It's been fascinating to watch the propagation of fear and misinformation in a niche where I have dabbled enough to develop a bit of technical proficiency.
My interpretation of events is that Tarlogic Security is spreading panic to gain attention or notoriety.
Undocumented "backdoor" found in Bluetooth chip used by a billion devices:
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
NIST (National Institute of Standards and Technology) has a CVE:
https://nvd.nist.gov/vuln/detail/CVE-2025-27840
Edit to update:
Espressif’s Response to Claimed Backdoor and Undocumented Commands in ESP32 Bluetooth Stack
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
»The ubiquitous #ESP32 #Bluetooth #chip made by Chinese manufacturer #Espressif and used by over #billion units contains an undocumented "#backdoor" that could be leveraged for #attacks.« https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/?eicker.news #tech #media
"The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks."
Backdoor detected in ESP32 Espressif IoT chip — https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
#HackerNews #Backdoor #Esp32 #Espressif #IoT #Cybersecurity #Vulnerability #IoTSecurity
Just preparing my next #ESP32 exercise as part of my #IoT course ... this comes in timely ...
study material for the #security unit ...
#bluetooth #backdoor in #espressif #ESP32 chips ...
https://thedefendopsdiaries.com/unveiling-the-esp32-backdoor-implications-for-iot-security/
#Backdoor im #WLAN & #Bluetooth Chip #ESP32 der in Milliarden Geräten steckt!
Konnte ja keiner ahnen, wenn der von einem chinesischen Hersteller kommt!
#China #Chip #Smartphone #Tablet #Security #Sicherheit #Wifi #IoT #Espressif #Datenschutz #Hacker
www.bleepingcomputer.com/news/securit...
Undocumented "backdoor" found ...
me: "Hey let's do something with that esp32-c3 devkit I got for free" from #espressif
How it's going:
E (39) boot_comm: Image requires chip rev >= v0.3, but chip is v0.2
.. ugh?
The worst part is that there isn't a single replacement part that's a go-to for all the uses I have - at least not one that isn't another #espressif part.
I've got some work ahead of me. :)
Undokumentierte Befehle in #ESP32, welche es ermöglichen per #Bluetooth RAM und Flash auszulesen und zu manipulieren. Könnte eine #Backdoor sein - oder Codereste, die nicht in den Release sollten. Unschön ist es in jedem Fall, auch wenn IMO die Gefahr überschaubar ist, da ein Angreifer ja recht nah ran muss.
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
#RootedCON #espressif