• socphoenix (10 up, 2 down) · 2 days ago

    The security researcher, LimitedResults, coordinated disclosure with Espressif on their advisory and details of the exploit. The attack works against eFuse, a one-time programmable memory where data can be burned to the device.

    By burning a payload into the device’s eFuse, no software update can ever reset the fuse and the chip must be physically replaced or the device discarded. A key risk is that the attack does not fully replace the firmware, so the device may appear to work as normal.

    Why does a random ESP32 chip need eFuses in the first place?

    • Dave.@aussie.zone (3 up) · edited · 1 day ago

      It’s designed and implemented for copy protection. Otherwise you can design an ESP32 device that includes software you’ve written and 15 minutes later a clone device with exactly the same software will appear on /<insert Chinese electronics website here/>