On March 10, the Nancai Express Rumor Refutation Whirlwind Team noticed that Espressif Technology (688018. SH) Board of Directors issued a clarification on the official public account that there is no backdoor for the ESP32 chip.

According to Espressif, some media reports have recently reported that the Tarlogic research team has found a "backdoor" in the ESP32 chip. Notably, the original Tarlogic team manuscript was quickly revised to remove the word "backdoor". However, not all of the media reports that followed were updated and clarified accordingly. The Company would like to take this opportunity to clarify this situation with our users and partners.

According to Espressif, what the Tarlogic research team found was a debugging command for testing purposes, not a so-called backdoor. (That's why they later removed the word "backdoor," realizing that the original statement was misleading and misinterpreted by the media.) These debug commands are part of Espressif's ESP32 chip's implementation of the HCI (Host Controller Interface) protocol, which is used for internal communication in Bluetooth technology and between different Bluetooth layers within the product. The key points are as follows:

Internal debugging commands: These commands are for developers only and cannot be accessed remotely.

No remote access risk: These commands cannot be triggered via Bluetooth, radio signals, or the internet, so they will not cause ESP32 devices to be remotely attacked.

Security implications: Although these debug commands exist, they do not pose a security risk to the ESP32 chip by themselves.

Moreover, this discovery is only for the first generation of ESP32 chips, and the new ESP32 series chips have changed the architecture, including ESP32-C series, S series, H series, etc.

According to a previous article published on Tarlogic's official website, Tarlogic Security detected a backdoor in ESP32, a microcontroller that enables Wi-Fi and Bluetooth connectivity and is found in millions of mass-market IoT devices.

Using this backdoor, hostile actors can bypass code audit controls, carry out impersonation attacks, and permanently infect sensitive devices such as mobile phones, computers, smart locks, or medical devices.

According to the official website, Espressif Information Technology is a global fabless semiconductor company, focusing on the research and development of wireless communication chips with excellent performance and low power consumption. It has a series of core self-developed technologies, including Wi-Fi &Bluetooth LE &IEEE 802.15.4 protocol stack, RF technology, RISC-V MCU architecture, AI algorithms, operating systems, tool chains, AIoT software development frameworks, cloud services, etc., to achieve a closed loop of software and hardware research and development.

(Disclaimer: The content of this article is for reference only and does not constitute investment advice.) Investors act accordingly at their own risk. ）