Researchers Discover Critical Bluetooth Chip Vulnerability That Can Be Exploited to Hack Devices

Security Flaw Discovered in ESP32 Bluetooth Chips Threatening Millions of Devices Worldwide

Cybersecurity researchers from Tarlogic have uncovered a serious security vulnerability in Bluetooth chips used in millions of devices worldwide, one that allows hackers to access user data without permission. The flaw was revealed in a report published by Mashable and affects devices using the ESP32 Bluetooth chip, manufactured by the Chinese company Espressif.

How Can the Flaw Be Exploited?

The security vulnerability enables attackers to perform a device impersonation attack, allowing them to connect to devices such as smartphones, computers, and smart home appliances and gain access to the data stored on them. Additionally, hackers can exploit this flaw to gain full control over the device, enabling them to spy on users.

Information About the ESP32 Chip

The ESP32 chip is one of the most widely used Bluetooth chips in smart devices, supporting both Bluetooth and Wi-Fi connectivity. According to Espressif, the company sold one billion units of this chip worldwide in 2023, and because it costs only about $2 per unit, it is used in millions of devices, including smart home appliances.

The Flaw in the Chip and the Threats It Poses

According to Tarlogic researchers, the flaw lies in a hidden command within the chip’s code that hackers can exploit to carry out device impersonation attacks and gain access to sensitive devices such as mobile phones, computers, smart locks, and even medical equipment. This vulnerability allows attackers to bypass code validation mechanisms typically used to protect devices.

New Tool Developed to Detect Vulnerabilities

The Tarlogic team developed a new tool to analyze Bluetooth drivers, which helped them discover 29 hidden functions within the chip that can be exploited for device impersonation and data access. These functions can be used to spoof trusted devices, increasing the potential for hackers to compromise devices and access user data.

Conclusion

This security flaw in the ESP32 Bluetooth chips poses a significant cybersecurity threat, especially since the chip is used in a vast number of smart devices worldwide. Users and developers are advised to take necessary precautions and ensure their devices are updated to mitigate potential risks.


Sources:

  • Mashable report
  • Tarlogic cybersecurity report
  • Espressif company data