this post was submitted on 08 Mar 2025
82 points (95.6% liked)

MICROCONTROLLERS

842 readers
1 users here now

Everything microcontrollers: projects, questions, new releases, etc.

dragontamer's Beginner Guides:

Beginner Series I: What is a Microcontroller?

Beginner Series II: The "Generic" Microcontroller

Beginner Sidenote: Microchip's Signal Chain Design Guide

Beginner Series III: Skills and Complexity Tiers

Beginner Series IV: Deep Dive into Microchip's AVR EA

founded 2 years ago
MODERATORS
all 13 comments
sorted by: hot top controversial new old
[–] Alphane_Moon@lemmy.world 23 points 2 months ago* (last edited 2 months ago)

This seems like a relatively critical issue considering the nature of ESP32.

[–] Alabaster_Mango@lemmy.ca 16 points 2 months ago
[–] RobotToaster@mander.xyz 10 points 2 months ago (1 children)

Can this be used to "jailbreak" proprietary devices that use it?

[–] CameronDev@programming.dev 4 points 2 months ago

It sounds like it'll let you do arbitrary read/writes to memory, so probably yes?

[–] bitfucker@programming.dev 6 points 2 months ago* (last edited 2 months ago)

Edit: so yeah, further reading into this and some video later from LowLevel confirmed that this is quite a nothing burger. The "vulnerability" is an undocumented HCI command. Host to Controller Interface. Meaning that it is something the HOST (the ESP) dispatches to the Bluetooth Interface. To take advantage of such a command, you need to already have access to the ESP32 in the first place.

So, the tl;dr is that the "vulnerability" only matters when the attacker has access to the device already. Not really that big of an issue. ~~An attacker can gain access to the ESP32, not the device that connects to the ESP itself. I don't know how Bluetooth pairing would behave when the device that once masqueraded as a light switch now advertises itself as a smart watch. I presume it would require further confirmation from the user. If that is the case, then the danger is when the ESP32 is used in a device that is already collecting sensitive information with an active Bluetooth stack, since that device can now be remotely hacked. But I will defer my judgement on this matter until after the PoC has been demonstrated (can't find any demo of any proof-of-concept attack, just the same article copy-pasted multiple times on different sites).~~

[–] clothes@lemmy.world 3 points 2 months ago (1 children)

Am I correct that this would allow someone to remotely attack everything on my network, even non-ESP devices? So, my ESP lightbulb is putting my PC and phone at risk?

[–] Blue_Morpho@lemmy.world 3 points 2 months ago (1 children)

That's sort of true of all exploits. It needs someone in Bluetooth range to hack the ESP32, at which point the ESP32 could become a jump point for anything. Mind you, any bad app on your phone could also be used to attack your PC. But if something is in Bluetooth range, they could just attempt to attack your phone/PC directly.

[–] clothes@lemmy.world 2 points 2 months ago

Technology is so fun... Thanks for putting this in perspective!