Comment by byzoni
Re: "Undocumented commands found in ESP32"
So ESP32 is not only a penny microcontroller to blink an LED, but also a Bluetooth debugging board. Adorable!
2025-03-10 · 1 year ago
12 Later Comments
darkghost [OP] · 2025-03-10 at 09:50:
There are far more stupid applications of the IoT. How about an egg holder that lets you know, from anywhere in the world, exactly how many eggs you have? (but not whether they've gone off) Or water bottles that Bluetooth remind you that you're thirsty?
stack · 2025-03-10 at 12:35:
Now that the Internet of people has screwed everyone, it's time for the Internet of things to screw up everything. That pretty much covers it.
darkghost [OP] · 2025-03-10 at 13:10:
Sorry, I died because I didn't charge my water bottle and I forgot to drink water. The afterlife won't give me the Wi-Fi password so I'm using a very spotty cell connection to tell you something important: you have 4 eggs left. Also it's time to update the firmware in your light bulb. It's only 120 MB to download. You can schedule the update now or now.
stack · 2025-03-10 at 20:06:
iDied is a connected coffin, providing updates to your dead feed to your favorite social media via wifi, via the cemetery's access point.
darkghost [OP] · 2025-03-10 at 20:23:
Now that's a market disrupting idea if I've ever heard one! All that's missing is something AI related.
stack · 2025-03-10 at 23:29:
Yes. AI and Ethereum contracts, so you can surprise your loved ones by losing all their inheritance -- or doubling it...by trading after death
wasolili [...] · 2025-03-11 at 03:05:
I think the question we all need to ask here, is why the fuck does every gadget, toy and random doohickey need wifi and bluetooth?
I would go a step further and ask why everything needs a computer in it at all. Once you've got a computer in something, justifying wifi becomes easy: "we need to enable simple software updates in case our shitty code is broken" or "automate stats tracking" or whatever
and once you've got wifi in your product, no matter how good the intentions behind including it were (though i doubt there were any good intentions in many cases), some genius business guy will say, "we can remotely disable this, right? let's switch to a subscription model. do you think we could get ads showing on this, too?"
which is probably the real answer to the "why wifi?" question for most products. An exercise bike can be completely mechanical, but throw a few dollars of electronics into it and you can show ads, integrate streaming services, brick it if a payment is missed, and charge activation fees if it's sold second-hand.
I'm surprised landlords haven't picked up on all the ways to exploit this trend by listing amenities that are actually subscription models. An in-unit washer/dryer combo that charges the tenant per use and part of that goes to the landlord's bank account? That's just conniving enough to work. Throw in a refrigerator that plays ads for good measure
grumble grumble
darkghost [OP] · 2025-03-11 at 11:16:
I mean I've lived in apartments where the washer had coin slots. Same thing really. And I still had to pay for the electricity to operate the damn thing.
darkghost [OP] · 2025-03-11 at 16:13:
It was in the basement which is a "common area"
Half_Elf_Monk · 2025-03-11 at 17:43:
Incompetence is the majority, but conspiracies can leverage it to their own ends, so for security purposes it really makes no difference.
I suspect the impulse to assimilate everything into the IoT is well-meaning hackers/makers who like the challenge. It's a fun hobby. The capitalization-for-currency is generally someone else with different aims.
Fortunately I live somewhere where there's a decent culture of secondhand stores, so I could pick up "analogue" exercise bikes for cheap... that work decently well. Or just take a walk. :)
Point of interest: Wouldn't it be great if you could buy something like an ESP32 from within your own country? Having a means of production in your own nation/people seems like a good move for security.
All that said, I'm wondering how much of a threat these commands present. If my device is compromised, this just increases the damage potential. But is this an attack vector that could compromise an otherwise secure device? (i.e., if someone puts their malicious water bottle next to my otherwise-secure coffee machine, can it establish a rogue bluetooth connection and make me demoralizingly bad coffee?)
Half_Elf_Monk · 2025-03-11 at 20:41:
@HanzBrix - Yep. And that's where the conversation shifts from the technical aspects to the "political economy" questions. Say what you will about the politicians who want to move production more locally / nationally, but it sure would be great if there were closer options. I bet people in the west could come up with appropriately competitive solutions if enough need is seen. "backdooring all your bluetooth" seems like it qualifies to me, but what do I know?
Half_Elf_Monk · 2025-03-11 at 20:49:
Brainstorming here: I wonder if it would be possible to have a thingiverse-style library of designs for PCB boards and microcontrollers, which could then be ordered through local-ish vendors who manufacture/assemble the parts for you. Making microcontrollers as small as TSMC/Espressif does is amazing, but I'd rather buy a slightly slower one from a trusted source within my own country.
I'm thinking of something like JLCPCB but for microcontrollers as well as boards. That may not be possible, idk, but a half-elf-monk can hope. For example (HTTPS): https://jlcpcb.com/raspberry-pi-rp2350
Original Post
Undocumented commands found in ESP32 - It seems suspicious as heck. [gemini link]