Just read an article about a ‘forever flaw’ with ESP32 devises. https://www.infoq.com/news/2019/12/esp32-fatal-fury/
Is this still an issue? resolved by the mfr? date?
tia
ptegler
2 Likes
Yes. For affected devices
This is a physical attack meaning the attacker has the device in hands
At that point all security is lost.
This attack requires physical access to the device, and the time and resources to modify the device to apply fault injection.
correct ‘physical’ access… it’s call the supply chain. It happens on even big A---- software systems.
heck the US Gov (and a lot of BIG companies) got nailed with a backdoor as the result of alternations in the master software system that installs the updates. It’s the premise of many ‘software’ insertions… when hardware is ‘no longer’ what you think it is.
If you are really concerned about this, you should DEFINITELY stay away from home automation and ALL networked things. The only secure computer is the one turned off and then only as long as it is turned off and in your hands.
There are newer versions of the esp32, but it is likely just a matter of time before they give up their secrets too. The question is how much security do you need and how much are you willing to pay for it.?
This is what the exploit does:
This FATAL exploit allows an attacker to decrypt an encrypted firmware because he is now in possession of the AES Flash Encryption Key.
Worst case scenario, he is now able to forge his own valid firmware (using the Secure Boot Key) then encrypt it (using the Flash Encryption Key) to replace the original firmware PERMANENTLY.
This last post closes my security investigation on ESP32, which I consider now as a broken platform.
Most people doing esphome do NOT use the efuse and do NOT encrypt the firmware. I am not even clear how you could do that with esphome, but I suppose it is possible. Basically, you can’t trust secure boot on the esp32.
4 Likes
Actually you can’t trust TPM on any platform as it too, has already been hacked/broken.
The efuse can be burned for a any code locations/bit positions. ESPhome,… no access without the full libraries and coded as such. My concern was simply supply chain tampering, embedding backdoor tricks etc. I’ve got the software to burn the efuses as desired. (github I believe?) but didn’t want to waste a device just for giggles.
You seem knowledgeable about the issues, but I am unclear on what you are asking.
You literally asked if a HW defect in the esp32 chipset was fixed. There have been more recent versions that probably address the exact vulnerability. But as you are aware that TPM in general has also been exploited, you should know that security is always about how great an extent are you willing to go to protect something.
So, what question are you asking?
If you know you can’t completely trust security on any platform, what are you trying to protect and from whom?
4 Likes
Never was an issue when running ESPHome because this broken “security” feature isn’t used. 
So why are you posting in the esphome category then when it is not even related? 
it IS related as you are engaging an entire category of devices that have a security flaw BUILT IN! Correct, ESPHome does not include ‘coding’ to access or program the efuses. but that does not mean the ESPs can not be compromised BEFORE you even get your own hands on them! It’s flat out B.S. (or total crap design?) that it can’t be fixed considering how long the issue has been known. Supposedly the D0WD-V3 version of the chip has ROM checks to negate this issue, but no other version (as of any vendor published info avail to date), or info as to which ESP32 modules uses that chip.
And just for clarity, it is not a ‘hardware’ issue’ hardware without the firmware, does nothing. Firmware optimization and register use need to be re-eval’ed (??)
And you can NOT say this for whatever other hardware or even software? Cisco? Apple? Microsoft? Atlassian? Solarwinds? Just to name a few (in)famous examples 
To avoid supply chain attacks you might just want to stop the use of hard- or software completely and go back to pen and pencil 
1 Like
You do realize that nobody on this forum is likely responsible for any of the choices made by Espressif?
Also, what exactly is your goal with this thread?
Have you done a threat model that says you need to be concerned about this particular vulnerability of the esp32?
Since I never plan on burning the efuses of my esp32 chips, this particular issue doesn’t bother me. The fact that my old m stack devices use (probably counterfeit) FTDI chips and don’t work over 115K or that my new fire beetle 2’s use (possibly counterfeit) CH340 chipsets and don’t work at all with the latest driver (but do work with the older driver) impact me much more.
You could use the esp8266. It doesn’t have the vulnerability, but then it also doesn’t have the capability either. You could try the rp2040, but based on this thread, you will need to do a LOT more to get decent security. https://forums.raspberrypi.com/viewtopic.php?t=324901
So, what exactly are you trying to protect yourself from? Or, what are you trying to prevent others from doing to you or your things?
Or, are you suggesting that we all should stop using esp32 chips and that esphome should stop supporting them?
pagers come to mind… 
freakin’ hilarious. This thread started as a QUESTION to someone/anyone that might have been in the know. Regardles, thank you all for your responses.
At least I now know where to not bother presenting issues, where the dedicated supporters who have invested time and thought in the appliances of their desire, could care less about security of hardware (and their networks).
No, it is NOT the same as disk based stored software that you can decode/analyze/de-compile etc. YOU and I can NOT see what is there in a section of the firmware (well, by design…of course we can extract the firmware with other ‘toys’ …BUT NOT from this area of the ESP32) if the fuse is burned…
It sounds like you are part of the crowd that still believes the vendors saying Openseek doesn’t ping Chinese servers with your use is true or AI isn’t bigoted ha ha.
good night, good bye, thanks all.
Pretty sure most here would expect AI to be up to no good and prefer blocking their internet access to prevent what you mention. Run local or expect data loss.
And bigoted is a little much…AIs are biased is more accurate. Maybe train your own
We seek to help but your goal is unclear. You want secure hardware from distributors but this cannot be garunteed unless you watch design and build from cradle to grave and hand select. Look at what Apple does to ensure secure servers.
As I said this is not the location where anyone in the know of the internal details of the Espressif chips is likely to be.
https://www.esp32.com/ is a better place to ask your question.
Also, your question was not clear, because it looked to me like it WAS answered in the first response. The answer is Yes, it is still an issue. That seemed obvious, since it is literally a HW flaw, so there is no way to fix it with software.
The question seemed to morph into why would anyone use a product that has a flaw, which is not a bad question, but one that we each have to answer for ourselves.
Now the question seems to be how can we be sure what the product is doing if we can’t see the code, which of course the HW flaw allows you to do.
So, what was the question again?
Do you really want an answer?
1 Like
Am I safe because my devices are ESP82XX based?
No 
1 Like
I guess since I started this by asking a what ‘I’ thought was a simple Q… now I stumble on the bluetooth backdoor found in ALL ESP devices!
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
Has been debunked as being a backdoor many times now.
3 Likes
ha… gotta’ believe, as well as appreciate… what people believe.
the chuckles are whether we care why people believe what we do (or not)
v/r.
Are you sure it is a backdoor and are your certain my esp8266’s are affected?
People believe about every lie and even build cults/religions based on them Paul 
1 Like