{"id":80171,"date":"2025-03-10T11:30:19","date_gmt":"2025-03-10T15:30:19","guid":{"rendered":"http:\/\/pappp.net\/?guid=8daf2ac47f257fe1fdc3cb2c83740e19"},"modified":"2025-03-10T11:30:19","modified_gmt":"2025-03-10T15:30:19","slug":"the-esp32-bluetooth-backdoor-that-wasnt","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=80171","title":{"rendered":"The ESP32 Bluetooth Backdoor That Wasn\u2019t"},"content":{"rendered":"

Source: Hack a Day

Article note: I didn't post anything when that hype was passing through because I was pretty sure it was \"The documented API allowing an attached host to control the device.\" Sure enough.

Recently there was a panicked scrambling after the announcement by [Tarlogic] of a ‘backdoor’ found in Espressif’s popular ESP32 MCUs, specifically a backdoor on the Bluetooth side that would give a lot of control over the system to any attacker. As [Xeno Kovah] explains, much about these claims is exaggerated, and calling it a ‘backdoor’ goes far beyond the scope of what was actually discovered.

To summarize the original findings, the researchers found a number of vendor-specific commands (VSCs) in the (publicly available) ESP32 ROM that can be sent via the host-controller interface (HCI) between the software and the Bluetooth PHY. They found that these VSCs could do things like writing and reading the firmware in the PHY, as well as sending low-level packets.

The thing about VSCs is of course that these are a standard feature with Bluetooth controllers, with each manufacturer implementing a range of these for use with their own software SDK. These VSCs allow for updating firmware, reporting temperatures, and features like debugging, and are generally documented (except for Broadcom).

Effectively, [Xeno] makes the point that VSCs are a standard feature in Bluetooth controllers, which – like most features – can also be abused. [Tarlogic] have since updated their article as well to distance themselves from the ‘backdoor’ term and instead want to call these VSCs a ‘hidden feature’. That said, if these VSCs in ESP32 chips are a security risk, then as [Xeno] duly notes, millions of BT controllers from Texas Instruments, Broadcom and others with similar VSCs would similarly be a security risk.","protected":false},"excerpt":{"rendered":"

Recently there was a panicked scrambling after the announcement by [Tarlogic] of a \u2018backdoor…

","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-80171","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/80171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=80171"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/80171\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=80171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=80171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=80171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}