Comment by 🌲 Half_Elf_Monk

Re: "Undocumented commands found in ESP32"

In: s/ESP32

Incompetence is the majority, but conspiracies can leverage it to their own ends, so for security purposes it really makes no difference.

I suspect the impulse to assimilate everything into the IoT is well-meaning hackers/makers who like the challenge. It's a fun hobby. The capitalization-for-currency is generally someone else with different aims.

Fortunately I live somewhere where there's a decent culture of secondhand stores, so I could pick up "analogue" exercise bikes for cheap... that work decently well. Or just take a walk. :)

Point of interest: Wouldn't it be great if you could buy something like an ESP32 from within your own country? Having a means of production in your own nation/people seems like a good move for security.

All that said, I'm wondering how much of a threat these commands present. If my device is compromised, this just increases the damage potential. But is this an attack vector that could compromise an otherwise secure device? (i.e., if someone puts their malicious water bottle next to my otherwise-secure coffee machine, can it establish a rogue Bluetooth connection and make me demoralizingly bad coffee?)

🌲 Half_Elf_Monk

2025-03-11 · 1 year ago

2 Later Comments ↓

🌲 Half_Elf_Monk [✏️] · 2025-03-11 at 20:41:

@HanzBrix - Yep. And that's where the conversation shifts from the technical aspects to the "political economy" questions. Say what you will about the politicians who want to move production more locally / nationally, but it sure would be great if there were closer options. I bet people in the west could come up with appropriately competitive solutions if enough need is seen. "Backdooring all your Bluetooth" seems like it qualifies to me, but what do I know?

🌲 Half_Elf_Monk [✏️] · 2025-03-11 at 20:49:

Brainstorming here: I wonder if it would be possible to have a Thingiverse-style library of designs for PCB boards and microcontrollers, which could then be ordered through local-ish vendors who manufacture/assemble the parts for you. Making microcontrollers as small as TSMC/Espressif does is amazing, but I'd rather buy a slightly slower one from a trusted source within my own country.

I'm thinking of something like JLCPCB but for microcontrollers as well as boards. That may not be possible, idk, but a half-elf-monk can hope. For example (HTTPS): https://jlcpcb.com/raspberry-pi-rp2350


Original Post

🌒 s/ESP32

👻 darkghost:

Undocumented commands found in ESP32 — It seems suspicious as heck. [gemini link]

💬 20 comments · 2025-03-09 · 1 year ago