• socphoenix@midwest.social · 12 up, 2 down · 22 days ago

      The security researcher, LimitedResults, coordinated disclosure with Espressif on their advisory and details of the exploit. The attack works against eFuse, a one-time programmable memory where data can be burned to the device.

      By burning a payload into the device’s eFuse, no software update can ever reset the fuse and the chip must be physically replaced or the device discarded. A key risk is that the attack does not fully replace the firmware, so the device may appear to work as normal.

      Why does a random ESP32 chip need eFuses in the first place??
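
An added illustration, not part of the comment above and not Espressif's or LimitedResults' code: a toy one-time-programmable fuse block in C. The word count and bit patterns are constructed assumptions, not the ESP32's real eFuse layout. It shows why a burned bit survives any later software update (the only write OTP memory offers is a bitwise OR, so there is no clear operation), and the audit a practitioner would run to catch unexpected burned bits on a device that otherwise appears to work normally.

```c
#include <stdint.h>
#include <stdio.h>

#define FUSE_WORDS 4   /* toy block size: 4 x 32 bits (assumption, not the real ESP32 layout) */

typedef struct {
    uint32_t w[FUSE_WORDS];   /* all-zero from the factory; a bit can only go 0 -> 1 */
} efuse_block_t;

static int popcount32(uint32_t v) {
    int n = 0;
    while (v) { v &= v - 1; n++; }
    return n;
}

/* Burn: the only write primitive OTP memory offers. Bits are OR-ed in and never cleared. */
void efuse_burn(efuse_block_t *b, const uint32_t pattern[FUSE_WORDS]) {
    for (int i = 0; i < FUSE_WORDS; i++) b->w[i] |= pattern[i];
}

/* A "software update" that tries to restore a desired fuse image.
 * Returns how many bits it wanted cleared but could not: OTP has no clear operation,
 * so the write can only add bits, exactly as efuse_burn does. */
int efuse_try_restore(efuse_block_t *b, const uint32_t desired[FUSE_WORDS]) {
    int stuck = 0;
    for (int i = 0; i < FUSE_WORDS; i++) {
        stuck += popcount32(b->w[i] & ~desired[i]);  /* set on device, clear in desired image */
        b->w[i] |= desired[i];                        /* the only thing a write can do */
    }
    return stuck;
}

/* Audit: count bits burned on the device that a known-good (golden) image does not have.
 * A nonzero result is the check a practitioner wants, because the device otherwise
 * keeps running its normal firmware and looks healthy. */
int efuse_audit(const efuse_block_t *b, const uint32_t golden[FUSE_WORDS]) {
    int unexpected = 0;
    for (int i = 0; i < FUSE_WORDS; i++) unexpected += popcount32(b->w[i] & ~golden[i]);
    return unexpected;
}

/* Scenario: factory burn, then an attacker burns extra bits, then an update tries to undo it.
 * Returns the number of bits the device is now permanently stuck with (3 for these inputs). */
int efuse_scenario(void) {
    /* constructed sample images, not real ESP32 fuse values */
    static const uint32_t golden[FUSE_WORDS]   = { 0x00000001u, 0x0000F000u, 0u, 0u };
    static const uint32_t attacker[FUSE_WORDS] = { 0x80000000u, 0u, 0x00000003u, 0u }; /* 3 extra bits */
    efuse_block_t dev = {{0u, 0u, 0u, 0u}};

    efuse_burn(&dev, golden);
    if (efuse_audit(&dev, golden) != 0) return -1;   /* a clean device audits clean */

    efuse_burn(&dev, attacker);                       /* the one-time, irreversible step */
    int stuck = efuse_try_restore(&dev, golden);      /* the "update" cannot clear anything */
    if (efuse_audit(&dev, golden) != stuck) return -2; /* audit still sees every attacker bit */
    return stuck;
}

int main(void) {
    printf("bits no software update can clear: %d\n", efuse_scenario());
    return 0;
}
```

The audit only works if a trusted copy of the expected fuse image exists outside the device (for instance recorded at manufacturing), since a device that has already been tampered with cannot be asked which of its own bits are legitimate.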

  • Dave.@aussie.zone · 5 up · edited · 21 days ago

        It’s designed and implemented for copy protection. Otherwise you can design an ESP32 device that includes software you’ve written, and 15 minutes later a clone device with exactly the same software will appear on <insert Chinese electronics website here>.

    • socphoenix@midwest.social · 1 up · 19 days ago

          I mostly understand how these fuses prevent, say, downgrading firmware, but couldn’t a Chinese firm looking to clone one of these also just clone the number of blown fuses equally trivially, if the goal is just an also-working device with stock firmware?