Undocumented backdoor found in Bluetooth chip used by a billion devices

The ESP32 microchip, widely used for Wi-Fi + Bluetooth connectivity in IoT devices, has been found to contain 29 undocumented commands that act as a backdoor, allowing for memory manipulation, MAC address spoofing, and packet injection. This backdoor could be exploited for attacks, posing risks of malicious implementations at the OEM level and supply chain attacks. Spanish researchers from Tarlogic Security presented their findings at RootedCON, highlighting the significance of the backdoor in such a widely used chip. The researchers developed a new tool for Bluetooth security research that enables direct access to Bluetooth traffic. Espressif has not publicly documented these commands, raising concerns about potential vulnerabilities and exploitation.

https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
