This post refutes the claim that researchers found a "backdoor" in ESP32 Bluetooth chips. What the researchers highlight (vendor-specific HCI commands to read & write controller memory) is a common design pattern found in other Bluetooth chips from other vendors as well, such as Broadcom, Cypress, and Texas Instruments. Vendor-specific commands in Bluetooth effectively constitute a "private API", and a company's choice to not publicly document their private API does not constitute a "backdoor".
I don’t get the downvotes, wether you call it backdoor or private API it’s a security hole, and nitpicking on its name won’t help fixing it.
It was all positive until the guy below me came in throwing insults. Then people started piling downvotes on both…