• Oisteink@feddit.nl
    6 hours ago

    This is misinformation - why spread links you don’t understand? Is this Russia??

    • BananaTrifleViolin@lemmy.world
      6 hours ago

      What’s misinformation about it? To say “this is misinformation” and not explain why can be a form of misinformation in itself.

      The article does say it previously called this a “backdoor” and has been changed. Otherwise it seems to be fairly factual although the person it quotes continues to use the term “backdoor”.

      To say it’s a backdoor does imply this is deliberate or some motivation for concealing the presence of these commands - there is no evidence for this whatsoever and there is no evidence there is malign intent. Most chips likely have undocumented commands used by the chipmakers.

      However it is fair to say this is a potential security risk if these commands are not locked down in production and could be used as an attack vector. Even if they could be used to scrape information that would be concerning. But we’d need to know more detail.

      If it’s been covered better elsewhere please share it, as that is a better counter to misinformation than just saying misinformation.

      • Oisteink@feddit.nl
        5 hours ago

        The issue is if it can be used as an attack vector. The article and the presentation that was translated indicate it is, but it seems to require root/firmware access to the device. That’s like saying your fridge is insecure as I can open it if I manage to break into your house.

        The issue with links like this is that it’s been discussed in many places all over the internet, but the link was still posted without OP doing due diligence. Maybe not done in bad faith, but it still spreads misinformation. Like I said; why post if you don’t understand or can’t verify? Clicks and points??

        • Nomecks@lemmy.ca
          3 hours ago

          Ever heard of lateral movement? Just because they don’t use this exploit to kick in the front door doesn’t mean that they can’t use it to steal all your information or attack others once they’re in.

          • Oisteink@feddit.nl
            2 hours ago

            Yeah - but it’s not presented as: this could be harmful for your compromised devices. If it was I would have no objections

      • Oisteink@feddit.nl
        6 hours ago

        It’s a common way to interface with subsystems like wifi/bt/802.15.4 etc. You need physical access to the device or the ability to infect the firmware. If you can flash the device with your own firmware it’s already compromised.

        More info on the HN thread discussing the article. I don’t read HN, but top comments had a bit more insights than the scare-mongering «news» article.

        https://news.ycombinator.com/item?id=43301369