How many consumer devices do you think have this exact bluetooth chip?
Hundreds of millions. They’re used in an almost uncountable number of IoT devices. It’s entirely possible that there’s a handful of 'em, or more, in your house. Absolutely anything “smart” that uses WiFi or Bluetooth could have one including sprinkler controllers, door locks, lightbulbs, appliances both large and small, garage door openers, and remote controlled power plugs.
Espressif has sold a huge number of ESP32 chips. This isn’t some uncommon no-name manufacturer or chip. It’s used at scale and has been for years.
That you aren’t personally aware of it only means that you have a blind spot.
Hundreds of millions. They’re used in an almost uncountable number of IoT devices.
It’s only this specific chip that is affected. It’s not all bluetooth chips. The article doesn’t even specify which of their tens of chips is affected; ESP32-D0WD-V3, ESP32-D0WDR2-V3, ESP32-U4WDH, ESP32-PICO-V3, ESP32-PICO-V3-02, or the ESP32-PICO-D4.
Even if it were all of them, and even if it were hundreds of millions of devices it would still pale in comparison to HeartBleed in all aspects. It’s an interesting but sophisticated attack vector which severely limits its usage. But lets say you execute a MITM attack from one of these ESP32 chips. What are you feasibly able to do? A MITM attack? Considering these are all low power devices its extremely unlikely that they would be able to output enough power to overtake your home AP. Without doing more research on it, the actual attack surface is opaque. I mean, I guess a guy in China can remotely turn on your sprinklers or get your WiFi password… Lot of good that’s gonna do him from China.
Hundreds of millions. They’re used in an almost uncountable number of IoT devices. It’s entirely possible that there’s a handful of 'em, or more, in your house. Absolutely anything “smart” that uses WiFi or Bluetooth could have one including sprinkler controllers, door locks, lightbulbs, appliances both large and small, garage door openers, and remote controlled power plugs.
Espressif has sold a huge number of ESP32 chips. This isn’t some uncommon no-name manufacturer or chip. It’s used at scale and has been for years.
That you aren’t personally aware of it only means that you have a blind spot.
It’s only this specific chip that is affected. It’s not all bluetooth chips. The article doesn’t even specify which of their tens of chips is affected; ESP32-D0WD-V3, ESP32-D0WDR2-V3, ESP32-U4WDH, ESP32-PICO-V3, ESP32-PICO-V3-02, or the ESP32-PICO-D4.
Even if it were all of them, and even if it were hundreds of millions of devices it would still pale in comparison to HeartBleed in all aspects. It’s an interesting but sophisticated attack vector which severely limits its usage. But lets say you execute a MITM attack from one of these ESP32 chips. What are you feasibly able to do? A MITM attack? Considering these are all low power devices its extremely unlikely that they would be able to output enough power to overtake your home AP. Without doing more research on it, the actual attack surface is opaque. I mean, I guess a guy in China can remotely turn on your sprinklers or get your WiFi password… Lot of good that’s gonna do him from China.