Vulnerability in Chinese ESP32 Chip Threatens Crypto Wallets

Date: 2025-04-16 Author: Gabriel Deangelo Categories: CRYPTO PAYMENTS
The ESP32 chip, developed by the Chinese company Espressif, is actively used in various devices, including hardware crypto wallets such as Blockstream Jade. The main threat is associated with the CVE-2025-27840 vulnerability, which experts describe as a serious risk to users. The problem lies in 29 hidden HCI commands in the chip's Bluetooth module that were not previously documented by the manufacturer.

These hidden commands can be used for a wide range of attacks: from device counterfeiting and unauthorized access to compromising the entire network. This functionality allows hackers to manipulate devices by simulating legitimate connections and gaining access to sensitive information.

In addition, special attention was paid to the weak random number generator built into the ESP32. Because of its low entropy, its output can be predicted, which opens the possibility of recovering cryptographic keys by brute force. This is especially dangerous for owners of hardware wallets, as it allows attackers to remotely determine private keys and gain access to funds.

Espressif acknowledged the presence of undocumented commands, but denied accusations of having a backdoor in its devices. The company's representatives promised to release a firmware update in the near future that will fix the problem and limit access to these commands.

Earlier, similar concerns arose regarding Apple processors. A group of American researchers discovered a vulnerability in the M1, M2 and M3 chips that allows the theft of cryptographic keys. What is particularly alarming is that in the case of Apple, complete protection is not possible: users of such devices are advised to completely delete crypto wallets to eliminate the risk of losing assets.

Thus, recent discoveries highlight the vulnerability of even the most seemingly reliable cryptocurrency storage solutions. Users are advised to closely monitor firmware updates and use additional security measures.