The ESP32 Bluetooth Backdoor That Wasn't by Maya Posch

**What was recently claimed about ESP32 MCUs?** It was recently claimed that *there was a backdoor on the Bluetooth side of ESP32 MCUs.* > **Did what was discovered actually constitute a backdoor?** > *No*, what was discovered didn't actually constitute a backdoor. **What were the findings of the researchers in investigating the ESP32?** In investigating the ESP32, researchers found that there were *Vendor-Specific Commands (VSCs) in the publicly available ESP32 ROM that could be sent via the Host-Controller Interface (HCI) between software and the Bluetooth PHY.* > **What could the Vendor-Specific Commands (VSCs) in the ESP32 ROM do?** > The VSCs in the ESP32 ROM could do *things like writing and reading the firmware in the PHY, and sending low-level packets.* **Are Vendor-Specific Commands (VSCs) a standard feature of Bluetooth controllers?** *Yes*, VSCs are a standard feature of Bluetooth controllers. ...