Comment by wasolili

Re: "Undocumented commands found in ESP32"

In: s/ESP32

I think the question we all need to ask here is why the fuck does every gadget, toy and random doohickey need wifi and bluetooth?

I would go a step further and ask why everything needs a computer in it at all. Once you've got a computer in something, justifying wifi becomes easy: "we need to enable simple software updates in case our shitty code is broken" or "automate stats tracking" or whatever.

And once you've got wifi in your product, no matter how good the intentions behind including it were (though I doubt there were any good intentions in many cases), some genius business guy will say, "we can remotely disable this, right? let's switch to a subscription model. do you think we could get ads showing on this, too?"

Which is probably the real answer to the "why wifi?" question for most products. An exercise bike can be completely mechanical, but throw a few dollars of electronics into it and you can show ads, integrate streaming services, brick it if a payment is missed, and charge activation fees if it's sold second-hand.

I'm surprised landlords haven't picked up on all the ways to exploit this trend by listing amenities that are actually subscription models. An in-unit washer/dryer combo that charges the tenant per use and part of that goes to the landlord's bank account? That's just conniving enough to work. Throw in a refrigerator that plays ads for good measure.

grumble grumble

๐Ÿฆ wasolili [flaired user]

2025-03-11 · 1 year ago

5 Later Comments ↓

👻 darkghost [OP] · 2025-03-11 at 11:16:

I mean I've lived in apartments where the washer had coin slots. Same thing really. And I still had to pay for the electricity to operate the damn thing.

👻 darkghost [OP] · 2025-03-11 at 16:13:

It was in the basement which is a "common area".

🌲 Half_Elf_Monk · 2025-03-11 at 17:43:

Incompetence is the majority, but conspiracies can leverage it to their own ends, so for security purposes it really makes no difference.

I suspect the impulse to assimilate everything into the IoT is well-meaning hackers/makers who like the challenge. It's a fun hobby. The capitalization-for-currency is generally someone else with different aims.

Fortunately I live somewhere where there's a decent culture of secondhand stores, so I could pick up "analogue" exercise bikes for cheap... that work decently well. Or just take a walk. :)

Point of interest: Wouldn't it be great if you could buy something like an ESP32 from within your own country? Having a means of production in your own nation/people seems like a good move for security.

All that said, I'm wondering how much of a threat these commands present. If my device is compromised, this just increases the damage potential. But is this an attack vector that could compromise an otherwise secure device? (i.e., if someone puts their malicious water bottle next to my otherwise-secure coffee machine, can it establish a rogue bluetooth connection and make me demoralizingly bad coffee?)

🌲 Half_Elf_Monk · 2025-03-11 at 20:41:

@HanzBrix - Yep. And that's where the conversation shifts from the technical aspects to the "political economy" questions. Say what you will about the politicians who want to move production more locally / nationally, but it sure would be great if there were closer options. I bet people in the west could come up with appropriately competitive solutions if enough need is seen. "backdooring all your bluetooth" seems like it qualifies to me, but what do I know?

🌲 Half_Elf_Monk · 2025-03-11 at 20:49:

Brainstorming here: I wonder if it would be possible to have a thingiverse-style library of designs for PCB boards and microcontrollers, which could then be ordered through local-ish vendors who manufacture/assemble the parts for you. Making microcontrollers as small as TSMC/Espressif do is amazing, but I'd rather buy a slightly slower one from a trusted source within my own country.

I'm thinking of something like JLCPCB but for microcontrollers as well as boards. That may not be possible, idk, but a half-elf-monk can hope. For example: https://jlcpcb.com/raspberry-pi-rp2350

Original Post

🌒 s/ESP32

👻 darkghost:

Undocumented commands found in ESP32 — It seems suspicious as heck. [gemini link]

💬 20 comments · 2025-03-09 · 1 year ago