Dekkia

It ain’t so.

To use the “backdoor” an attacker needs to have full access to the esp32 powered device already.

It’s like claiming that being able to leave your desk without locking your PC is a backdoor in your OS.

You can use an online tool to look up the Bluetooth [1] or Wifi [2] MAC of the device. If it’s espressive you’ve got one of their chips. That doesn’t guerantee that it’s not one of the others they make. You can also open up the device and look for the esp32. They almost always look the same with their metal can ontop.

The risk has been estimated as 0.3 out of 10

Don’t worry about it.

[1] https://ipnet.tools/bluetooth-device-address-lookup-tool [2] https://ipnet.tools/mac-lookup-tool

Someone correct me if i’m wrong, but it looks like it’s not the big deal the original blog post makes it out to be.

To issue those undocumented HCI commands one either needs to hijack a computer/soc/mcu that is connected to an esp32 with HCI UART transport enabled or put malicious software on the esp itself.

The mac spoofing might be interesting for people building hacking tools, however.

„Wir danken allen Einsendern und wollen nicht benötigte Tassen für soziale Zwecke spenden“

Wäre schön wenn sie sich an das Versprechen halten würden, aber CDU und versprechen sind halt so ne sache.

Just pick one of the many registrars and server hosts that don’t care about takedown requests and host a website with them.

That way it stays more accessible to everyone.

I agree in principle but using Tor won’t affect DMCA takedowns.