Technology

Because that's not about privacy, that's about the trade war. Retaliatory tariffs on US cars increase cost of cars for Canadians, as there are almost no car assembled in Canada. Reducing or eliminating tariffs on cars from China would lower cost of new cars for Canadians while keeping the tariffs up.

For privacy and security, not a single new car on the market is decent right now. That should be regulated, but that's no concern for any politician at the moment.

A lot of people are dumb. Or maybe because they feel offended because they are Chinese, but the reality is that every Chinese company is ultimately controlled by the CCP. If I was fighting a cold war, I would do the same. Sell compromised devices to my trade partners (AKA enemies) so I have leverage when I need it.

There's been a lot of that lately. Same here in New Zealand.

You dipshits, they're both the bad guys now.

Here’s an article with a bit more detail… but I’m still unclear whether these backdoor commands are hardware circuits or firmware logic.

Bleeping Computer: Undocumented "backdoor" found in Bluetooth chip used by a billion devices

There is nothing to "fix". Undocumented instructions have just been found in the silicon but they are not executable unless the ESP32's firmware their owner flashed to give it a purpose uses them. No pre-2025 firmware that we know of uses these instructions, and they might turn out to be buggy so compilers might not adopt them. If they turn out OK, the documentation of the instruction set will need an update, and compilers will be able to take advantage of the new instructions.

It ain't so.

To use the "backdoor" an attacker needs to have full access to the esp32 powered device already.

It's like claiming that being able to leave your desk without locking your PC is a backdoor in your OS.

Say it ain't so
Your bug is a heartbleeder
Say it ain't so
My NIC is a bytetaker

That's like saying "I want a list of all devices with ATmega328P." Anyone can make a unique device with this chip as the processor, in fact I have. It's a chip with an extremely low barrier of entry thanks to extensive documentation, lots of dev boards and libraries. Not as low as the 555 (lots of people's first IC) but WAY lower than anything you'd traditionally consider a 32-bit CPU.

Anyway, even if you obtained the list magically, it would be of little use. To be clear: this is not an exploit. The chip just has more instructions than previously thought – instructions that you write into your program when building an ESP32 device. This can make some programs a little faster or smaller but you still need to flash them onto the microcontroller – using physical access, OTA (if you set it up in the existing FW) or some exploit (in someone's OTA implementation, perhaps).

The article is talking about the Espressif ESP32 micro controller (has Wi-Fi/Classic Bluetooth/BLE).

I don't know if the variants of this chip also have the same vulnerability (my guess is yes). As someone who works on this chip, I'm interested in more discourse on this matter.

Which government's backdoors would you prefer?

"We know you have a choice in oppressive governments, so we appreciate you choosing ours."

True, but the ESP32 is used by a lot of devices. This backdoor is pretty huge in scope of devices impacted.