Comment by ๐Ÿ‘ป darkghost

Re: "Undocumented commands found in ESP32"

In: s/ESP32

It's funny you mention it, my 30 year old washer is having difficulties. I kept it going by putting a jumper wire across some terminals (thanks to the included schematic and logic table) until I can get a replacement part. Given what I know about modern appliances, I'm going to keep doing this until I can't.

๐Ÿ‘ป darkghost [OP]

2025-03-09 ยท 1 year ago

14 Later Comments โ†“

๐Ÿ‘พ fab ยท 2025-03-09 at 20:59:

Yeah the Chinese... Bad luck for me. I just wanted to start messing with the ESP32 again and rust. Maybe I'll do anyway.

I have 4 remote power switches / power meters with Tasmota flashed to use without hardware vendor software but I think these use an ESP8266. And I've put them in an isolated VLAN with no internet access (which won't help against bluetooth attacks but anyway).

๐Ÿš€ byzoni ยท 2025-03-10 at 06:35:

So ESP32 is not only a penny microcontroller to blink an LED, but also a Bluetooth debugging board. Adorable!

๐Ÿ‘ป darkghost [OP] ยท 2025-03-10 at 09:50:

There are far more stupid applications of the IoT. How about an egg holder that lets you know, from anywhere in the world, exactly how many eggs you have? (but not whether they've gone off) Or water bottles that Bluetooth remind you that you're thirsty?

๐Ÿš€ stack ยท 2025-03-10 at 12:35:

Now that the Internet of people has screwed everyone, it's time for the Internet of things to screw up everything. That pretty much covers it.

๐Ÿ‘ป darkghost [OP] ยท 2025-03-10 at 13:10:

Sorry, I died because I didn't charge my water bottle and I forgot to drink water. The afterlife won't give me the Wi-Fi password so I'm using a very spotty cell connection to tell you something important: you have 4 eggs left. Also it's time to update the firmware in your light bulb. It's only 120 MB to download. You can schedule the update now or now.

๐Ÿš€ stack ยท 2025-03-10 at 20:06:

iDied is a connected coffin, providing updates to your dead feed to your favorite social media via wifi, via the cemetary's access point.

๐Ÿ‘ป darkghost [OP] ยท 2025-03-10 at 20:23:

Now that's a market disrupting idea if I've ever heard one! All that's missing is something AI related.

๐Ÿš€ stack ยท 2025-03-10 at 23:29:

Yes. AI and Etherium contracts, so you can surprise your loved ones by losing all their inheritance -- or doubling it...by trading after death

๐Ÿฆ wasolili [...] ยท 2025-03-11 at 03:05:

I think the question we all need to ask here, is why the fuck does every gadget, toy and random doohickey need wifi and bluetooth?

I would go a step further and ask why everything needs a computer in it at all. Once you've got a computer in something, justifying wifi becomes easy: "we need to enable simple software updates in case our shitty code is broken" or "automate stats tracking" or whatever

and once you've got wifi in your product, no matter how good the intentions behind including it were (though i doubt there were any good intentions in many cases), some genius business guy will say, "we can remotely disable this, right? let's switch to a subscription model. do you think we could get ads showing on this, too?"

which is probably the real answer to the "why wifi?" question for most products. An exercise bike can be completely mechanical, but throw a few dollars of electronics into it and you can show ads, integrate streaming services, brick it if a payment is missed, and charge activation fees if it's sold second-hand.

I'm surprised landlords haven't picked up on all the ways to exploit this trend by listing amenities that are actually subscription models. An in-unit washer/dryer combo that charges the tenant per use and part of that goes to the landlords bank account? That's just conniving enough to work. Throw in a refrigerator that plays ads for good measure

grumble grumble

๐Ÿ‘ป darkghost [OP] ยท 2025-03-11 at 11:16:

I mean I've lived in apartments where the washer had coin slots. Same thing really. And I still had to pay for the electricity to operate the damn thing.

๐Ÿ‘ป darkghost [OP] ยท 2025-03-11 at 16:13:

It was in the basement which is a "common area"

๐ŸŒฒ Half_Elf_Monk ยท 2025-03-11 at 17:43:

Incompetence is the majority, but conspiracies can leverage it to their own ends, so for security purposes it really makes no difference.

I suspect the impulse assimilate everything into the IoT is well-meaning hackers/makers who like the challenge. It's a fun hobby. The capitolization-for-currency is generally someone else with different aims.

Fortunately I live somewhere where there's a decent culture of secondhand stores, so I could pick up "analogue" exercise bikes for cheap... that work decently well. Or just take a walk. :)

Point of interest: Wouldn't it be great if you could buy something like an ESP32 from within your own country? Having a means of production in your own nation/people seems like a good move for security.

All that said, I'm wondering how much of a threat these commands present. If my device is compromised, this just increases the damage potential. But is this an attack vector that could compromise an otherwise secure device? (i.e., if someone puts their malicious water bottle next to my otherwise-secure coffee machine, can it establish a rogue bluetooth connection and make me demoralizingly bad coffee?)

๐ŸŒฒ Half_Elf_Monk ยท 2025-03-11 at 20:41:

@HanzBrix - Yep. And that's where the conversation shifts from the technical aspects to the "political economy" questions. Say what you will about the politicians who want to move production more locally / nationally, but it sure would be great if there were closer options. I bet people in the west could come up with appropriately competetive solutions if enough need is seen. "backdooring all your bluetooth" seems like it qualifies to me, but what do I know?

๐ŸŒฒ Half_Elf_Monk ยท 2025-03-11 at 20:49:

Brainstorming here: I wonder if it would be possible to have a thingiverse-style library of designs for PCB boards and microcontrollers, which could then be ordered through local-ish vendors who manufacture/assemble the parts for you. Making microcontrollers as small as TSMC/expressif does is amazing, but I'd rather buy a slightly slower one from a trusted source within my own country.

I'm thinking of something like JLCPCB but for microcontrollers as well as boards. That may not be possible, idk, but a half-elf-monk can hope. For example (HTTPS): https://jlcpcb.com/raspberry-pi-rp2350

โ€” https://jlcpcb.com/raspberry-pi-rp2350

Original Post

๐ŸŒ’ s/ESP32

๐Ÿ‘ป darkghost:

Undocumented commands found in ESP32 โ€” It seems suspicious as heck. [gemini link]

๐Ÿ’ฌ 20 comments ยท 2025-03-09 ยท 1 year ago