this post was submitted on 09 Mar 2025

[–] Godort@lemm.ee 1 points 1 year ago

I mean, this doesn't really change anything from a practical perspective. It just highlights that the verbiage in the press release was alarmist.

It's still a security concern that most users will be unaware of.

[–] Darkassassin07@lemmy.ca 0 points 1 year ago (1 children)

Potato, potato....

Whether we call them 'undocumented commands' or a 'backdoor', the effect is more or less the same; a series of high-level commands not listed within the specs, preventing systems engineers/designers from planning around vulnerabilities and their potential for malicious use.

[–] ShadowRam@fedia.io 0 points 1 year ago (1 children)

The dude that wrote this blog is a goof....

defines backdoor as “relating to something that is done secretly

effectively constitute a “private API”, and a company’s choice to not publicly document their private API

Idiot thinks these are two different things....

Are they trying to argue that malicious intent is needed to define it as a back door?

Moron..

[–] FanBlade@lemmynsfw.com 1 points 1 year ago

You’re very smart. I didn’t realize that until you called someone a goof, idiot and moron, but now it’s very clear that you have far superior intelligence.

[–] SpaceNoodle@lemmy.world 0 points 1 year ago (1 children)

Finally, some technical details that were sorely lacking from yesterday's article.

Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.

[–] pelya@lemmy.world 0 points 1 year ago (1 children)

Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.

It is not. ESP32 is an embedded chip with less than one megabyte of RAM. It cannot run apps or load websites with any malicious code, it only runs the firmware that you flash on it, nothing else, and of course your firmware has full access to every chip feature. If your firmware has a security hole, it's not the chip's fault.

[–] SpaceNoodle@lemmy.world -1 points 1 year ago

Try reading the article next time.