by anymouse123456 80 days ago
Since the Snowden leaks in 2013, it just doesn't make sense that *any* foreign customers would put US technology inside their firewall. But they do.

It shocks me even more that any Western customer would do the same with network-connected Chinese chips. But we do.

The Espressif chips are truly incredible value, but what are we doing here?

Is there any doubt that these don't represent a major attack surface if a conflict were to heat up?

If you had network-connected chips of your own design inside every household of your adversary, what could you do with that?

1 comments

It’s not like creating a chip gives you unfettered access to it. You _can_ add 0-day flaws and backdoors, but these can be discovered, leaked, etc. Has there been any case of such a backdoor built in consumer chips like these? I’m not talking about CIA ops like Snowden described, that’s supply chain interception. I mean, has anybody ever found such a backdoor?

Well, that depends on what you count as a backdoor, but Espressif has had some questionable flaws:

- Early (ESP8266) MCUs had weak security, implementation flaws, and a host of issues that meant an attacker could hijack and maintain control of devices via OTA updates.

- Their chosen way to implement these systems makes them more vulnerable. They explicitly reduce hardware footprint by moving functionality from hardware to software.

- More recently there was some controversy about hidden commands in the BT chain, which were claimed to be debug functionality. Even if you take them at their word, that speaks volumes about their practices and procedures.

That’s the main problem with these kinds of backdoors: you can never really prove they exist because there are reasonable alternative explanations, since bugs do happen.

What I can tell you is that every single company I’ve worked at which took security seriously (medical implants, critical safety industry) not only banned their use on our designs, they banned the presence of ESP32-based devices on our networks.

You can hide malicious intent, so the repeated negligence patterns you’re pointing out make a better signal. Smart. Thx for the perspective

Obviously... They are not made for safety critical systems. It's for hobbyists.

These parts are in a massive number of retail smart switches, 3D printers and IoT devices.

They are definitely beyond a hobby device.

They're made well, designed well and the libraries are some of the best in class.

My concern is purely on risk.

What would any responsible state security agency spend to have devices behind every single firewall of an adversary?

Except if you penetrate the market with modules that cost 5% of similar US-made solutions, you start to win mindshare. At least some of those hobbyists start making a product, and sometimes the determination of whether a product is "safety critical" isn't agreed upon until after it's failed catastrophically.