Bluetooth and WLAN chip ESP32: Backdoor in Bluetooth chip affects one billion devices

By Melanie Staudacher | Translated by AI

A serious security vulnerability that allows cyber attackers to infect IoT devices with malicious code and steal data has been found in the ESP32 chip, which provides Bluetooth and Wi-Fi connectivity in millions of devices worldwide.

If cyber criminals exploit a hidden function in the ESP32 chips, they can manipulate millions of IoT devices worldwide. (© beebright - stock.adobe.com)

The security researchers at Tarlogic Security have discovered a hidden function that can be used as a backdoor in the ESP32 microcontroller. This is a mass-produced product from the manufacturer Espressif Systems that enables WLAN and Bluetooth connections. According to Espressif, one billion units of this chip have been sold worldwide to date. According to Tarlogic, if cyber criminals exploit this backdoor, they are able to carry out identity attacks and permanently infect sensitive devices such as cell phones, computers, smart locks or medical devices by bypassing code audit controls.

Backdoor enables data theft

The security researchers used the Bluetooth Security Assessment Methodology (BSAM) developed by Tarlogic to analyze several Bluetooth devices. This method is intended to standardize the security assessment of devices with Bluetooth technology. As the experts discovered, the ESP32 chip, which only costs around two euros and is therefore present in the vast majority of Bluetooth IoT devices, contains hidden commands that have not been documented by the manufacturer. These commands would make it possible to arbitrarily modify the chips to unlock additional functions, install malicious code and steal digital identities from affected devices.

Cyber actors could carry out device impersonation or spoofing attacks. Attackers create a fake Bluetooth device that pretends to be a legitimate device. If a user connects to such a device, the criminals can intercept keystrokes such as passwords, bank details or personal messages. There is also a risk of unauthorized remote control of the devices, as attackers can activate microphones or cameras unnoticed. But it's not just laptops and cell phones that are affected by the backdoor. Digital door locks and medical devices are also vulnerable.

Protection of IoT devices

Tarlogic does not provide any information as to whether the security researchers informed the chip manufacturer Espressif about the hidden functions. However, in their report, the researchers describe the "BluetoothUSB" tool, which they developed to carry out security tests on Bluetooth devices. The tool's developers presented the free tool at RootedCON, which took place in Madrid from March 6 to 8, 2025. BluetoothUSB is designed to facilitate security audits by allowing them to be carried out independently of the operating system and programming language of the device under test.

However, even without a security audit, private users and companies that use IoT devices can take measures to protect them:

  • Update the firmware regularly.

  • Use strong passwords and encryption. Pay particular attention to checking the default settings: Assign new passwords and deactivate functions that are not required.

  • Restrict access to your devices by only allowing trusted devices and users.
