Author Topic: Undocumented chip commands found in billion-device bluetooth chips  (Read 1206 times)


Offline Kamaji

  • Hero Member
  • *****
  • Posts: 48,509
Undocumented chip commands found in billion-device bluetooth chips
« on: September 20, 2025, 03:54:52 pm »
Undocumented chip commands found in billion-device bluetooth chips

Story by Alexander Clark
September 20, 2025

Recent discoveries by cybersecurity researchers have unveiled undocumented commands hidden within Bluetooth chips, potentially impacting over a billion devices globally. These functionalities, previously unknown to both manufacturers and users, introduce significant security risks. As these findings come to light, industries are urgently working to address vulnerabilities and mitigate the potential for exploitation.

Cybersecurity experts recently made a startling discovery involving hidden commands embedded in Bluetooth chips, as reported by Bleeping Computer. This revelation emerged through meticulous reverse engineering and testing of the chips, which revealed previously concealed functionalities. These commands, which were not documented in any official manufacturer guides or documentation, could potentially be used for a range of purposes.

*  *  *

Source:  https://www.msn.com/en-us/news/technology/undocumented-chip-commands-found-in-billion-device-bluetooth-chips

Edit (updated source link)

Link:  https://www.msn.com/en-us/news/technology/undocumented-chip-commands-found-in-billion-device-bluetooth-chips/ar-AA1MY8SP
« Last Edit: September 20, 2025, 04:03:34 pm by Kamaji »
Not my circus, not my monkeys

Online Smokin Joe

  • Hero Member
  • *****
  • Posts: 63,478
  • I was a "conspiracy theorist". Now I'm just right.
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #1 on: September 20, 2025, 04:00:56 pm »
Interesting...

Quote
"Whoops! This page doesn't exist or can't be found."
How God must weep at humans' folly! Stand fast! God knows what he is doing!
Seventeen Techniques for Truth Suppression

Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.

C S Lewis


Offline Canuck Conservative

  • Hero Member
  • *****
  • Posts: 730
  • Gender: Male
  • Nature-loving Conservative!
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #3 on: September 20, 2025, 04:11:52 pm »
China again?
The elimination of the evil Soviet Union was one of the most glorious moments in Human History!!

Online Smokin Joe

Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #4 on: September 20, 2025, 04:21:56 pm »
@Kamaji Thanks!

Quote
Consider a scenario where a hacker could access a smart home system via these undocumented commands, gaining control over locks, cameras, and alarms. Similarly, in a corporate setting, these vulnerabilities could lead to unauthorized access to sensitive corporate data, potentially resulting in financial loss and reputational damage. The stakes are even higher when considering national security, where critical infrastructure could be compromised.

No mention of the possibilities of potentially accessing or compromising automotive systems using Bluetooth back doors. What seemed like a conspiracy theory just edged closer to (or passed into) the realm of possibility.

Offline roamer_1

  • Hero Member
  • *****
  • Posts: 36,374
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #5 on: September 20, 2025, 04:23:28 pm »
meh. Prolly debug commands that require hands-on.  Bluetooth and Wifi are pretty tight.

Kinda like your Windows box being pretty easy to exploit if I am sitting with it at my bench - but that really doesn't matter, because in-situ, it sits behind a router, so all those exploits are pretty much made moot.

Offline bigheadfred

  • Hero Member
  • *****
  • Posts: 15,704
  • Gender: Male
  • One day Closer
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #6 on: September 20, 2025, 04:28:05 pm »
Quote
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.

From this link:

https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
She asked me name my foe then. I said the need within some men to fight and kill their brothers without thought of Love or God. Ken Hensley

Offline roamer_1

Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #7 on: September 20, 2025, 04:42:03 pm »
Yeah. Debug commands.

Ya want to know the REAL danger?
Look how they fixed it.

They are going to update the chip to take the commands out.
The real danger is not what the chip may or may not have onboard for commands. The real danger is that any chip can be updated at will.

Whoever can control that update channel, either for real or by spoof, can pump the commands they want into that chip at any time.

Online Bigun

  • Hero Member
  • *****
  • Posts: 35,753
  • Gender: Male
  • Resistance to Tyrants is Obedience to God
    • The FairTax Plan
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #8 on: September 20, 2025, 05:55:48 pm »
I wonder how much shit like this could be found in our electronic voting devices if anyone cared to look?
"I wish it need not have happened in my time," said Frodo.

"So do I," said Gandalf, "and so do all who live to see such times. But that is not for them to decide. All we have to decide is what to do with the time that is given us."
- J. R. R. Tolkien

Online Cyber Liberty

  • Coffee! Donuts! Kittens!
  • Administrator
  • ******
  • Posts: 63,434
  • Gender: Male
  • 🌵🌵🌵
Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #9 on: September 20, 2025, 06:05:04 pm »
Quote
Yeah. Debug commands.

Ya want to know the REAL danger?
Look how they fixed it.

They are going to update the chip to take the commands out.
The real danger is not what the chip may or may not have onboard for commands. The real danger is that any chip can be updated at will.

Whoever can control that update channel, either for real or by spoof, can pump the commands they want into that chip at any time.

I noticed that in the article too.  What's keeping someone from adding nefarious commands in the normal procedure of Firmware Updates?  I get those a few times a year on this machine.
For unvaccinated, we are looking at a winter of severe illness and death — if you’re unvaccinated — for themselves, their families, and the hospitals they’ll soon overwhelm. Sloe Joe Biteme 12/16
I will NOT comply.
 
Castillo del Cyber Autonomous Zone ~~~~~>                          :dontfeed:

Online Bigun

Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #10 on: September 20, 2025, 06:12:39 pm »
Quote
I noticed that in the article too.  What's keeping someone from adding nefarious commands in the normal procedure of Firmware Updates?  I get those a few times a year on this machine.

What's to keep something from being included on a chip entirely undocumented? Something like a modem that broadcasts and receives on a proprietary frequency, for instance.
« Last Edit: September 20, 2025, 06:17:42 pm by Bigun »

Offline roamer_1

Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #11 on: September 20, 2025, 06:37:21 pm »
Quote
I noticed that in the article too.  What's keeping someone from adding nefarious commands in the normal procedure of Firmware Updates?  I get those a few times a year on this machine.


That's the thing. Yeah it's all encrypted, but at a chip level, that cannot be very complicated.

There is also, necessarily, a single point of contact - No matter how obfuscated, that point of contact must be defined and maintained.

So crack the encryption, and sniff the transmission... spoof all that, and you're talking to the chip instead.

Now, that's a pretty simple understanding that really ain't all that simple... firmware usually is handled by the OS, but that really makes it easier, because the OS has its flaws too... and so it goes.  :shrug:

Offline roamer_1

Re: Undocumented chip commands found in billion-device bluetooth chips
« Reply #12 on: September 20, 2025, 06:40:42 pm »
Quote
What's to keep something from being included on a chip entirely undocumented? Something like a modem that broadcasts and receives on a proprietary frequency, for instance.

That really ain't that likely. At the EEPROM level, a chip's functions are relatively easy to deconstruct. That those functions may change at any given time... well, that's another thing altogether. You can't continue to keep watch very easily.