My paranoid concern is that I’m going to buy these $2 ESP32 boards from some unknowable Chinese company, and how could I know if there’s an extra, malicious supervisor element added. So, my ESP32 devices live in the ‘untrusted’ VLAN. They could, theoretically, discover each other and send their sensor data to some nefarious broker, but they don’t have microphones or cameras. I don’t even see how they could get enough information to discover my physical address, without cooperation from my ISP.
Wasn’t there some kind of exploit found in ESP32s recently? Did that turn out to be nothing?
I’ve often wanted to get into them and that kind of intimidated me out of it at the time; haven’t had an opportunity to dive back in.
The only one I know about is https://socprime.com/blog/cve-2025-27840-vulnerability-in-esp32-bluetooth-chips/, which is a Bluetooth thing, presumably meaning that you’d have to be in Bluetooth range to exploit it.
Yes, it was an overblown nothing.