This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
Potato, potato…
Whether we call them ‘undocumented commands’ or a ‘backdoor’, the effect is more or less the same; a series of high-level commands not listed within the specs, preventing systems engineers/designers from planning around vulnerabilities and their potential for malicious use.
In that case, every stack that you use is riddled with those and we are all hosed. And yet somehow your computer, your phone and the internet keep on working most of the time.
I don’t get the downvotes, whether you call it backdoor or private API it’s a security hole, and nitpicking on its name won’t help fixing it.
It was all positive until the guy below me came in throwing insults. Then people started piling downvotes on both…
The dude that wrote this blog is a goof…
Idiot thinks these are two different things…
Are they trying to argue that malicious intent is needed to define it as a back door?
Moron…
A backdoor requires malicious intent, otherwise it’s just a vulnerability.
You’re very smart. I didn’t realize that until you called someone a goof, idiot and moron, but now it’s very clear that you have far superior intelligence.