
Axon Police Taser and Body Camera Bluetooth Flaw Raises Officer Tracking Concerns


Australian police may unknowingly be exposing their live locations through Bluetooth-enabled devices made by Axon. Researchers discovered that body cameras and tasers used across the country broadcast signals without modern privacy protections, potentially allowing anyone nearby to detect and track officers in real time. 

Unlike smartphones that randomize Bluetooth MAC addresses to prevent tracking, Axon devices reportedly use static identifiers. This means simple apps or laptops can detect nearby police equipment and reveal device details, coordinates, and movement patterns. 
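The distinction the paragraph draws (fixed identifiers versus rotating ones) can be checked from the address bits an advertiser broadcasts. The following is an added example for auditing your own Bluetooth LE fleet, not code from Axon or the researchers; it classifies addresses using the sub-type bits defined in the Bluetooth Core specification, and the scan observations are constructed.

```python
"""Classify observed BLE advertiser addresses by whether they are fixed
(trackable) or rotating. Added example for auditing one's own devices, not
Axon's or the researcher's code; the sample observations are constructed."""
from enum import Enum
from typing import List, Tuple

class AddrKind(Enum):
    PUBLIC = "public (fixed, trackable)"
    STATIC_RANDOM = "static random (fixed, trackable)"
    RESOLVABLE_PRIVATE = "resolvable private (rotates)"
    NON_RESOLVABLE_PRIVATE = "non-resolvable private (rotates)"
    RESERVED = "reserved random sub-type"

def classify(addr: str, random_flag: bool) -> AddrKind:
    """addr is 'AA:BB:CC:DD:EE:FF' most-significant octet first; random_flag is
    the TxAdd bit of the advertising PDU header (0 = public, 1 = random)."""
    octets = [int(x, 16) for x in addr.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"malformed address {addr!r}")
    if not random_flag:
        return AddrKind.PUBLIC
    # Core spec Vol 6 Part B 1.3.2: sub-type lives in the two MSBs of the address
    sub = {0b11: AddrKind.STATIC_RANDOM, 0b01: AddrKind.RESOLVABLE_PRIVATE,
           0b00: AddrKind.NON_RESOLVABLE_PRIVATE}
    return sub.get(octets[0] >> 6, AddrKind.RESERVED)

def trackable(addr: str, random_flag: bool) -> bool:
    """A fixed identifier lets an observer correlate sightings over time."""
    return classify(addr, random_flag) in (AddrKind.PUBLIC, AddrKind.STATIC_RANDOM)

def audit(observations: List[Tuple[str, bool]]) -> List[str]:
    """Return the addresses from a scan that an observer could follow."""
    return [a for a, r in observations if trackable(a, r)]

# Constructed scan results (address, TxAdd bit); none are real devices.
SCAN = [("C4:11:22:33:44:55", True),   # 0xC4 -> 0b11: static random
        ("5E:11:22:33:44:55", True),   # 0x5E -> 0b01: resolvable private
        ("1A:11:22:33:44:55", True),   # 0x1A -> 0b00: non-resolvable private
        ("00:11:22:33:44:55", False)]  # public address

if __name__ == "__main__":
    for a, r in SCAN:
        print(a, classify(a, r).value)
    print("trackable:", audit(SCAN))
```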

A security researcher demonstrated the issue in Melbourne using publicly available Android software capable of identifying Axon devices. Custom tools reportedly extended the tracking range to nearly 400 meters, raising concerns for undercover officers, tactical teams, and police returning home after shifts. 

Experts warn criminal groups could deploy low-cost Bluetooth scanners across neighborhoods to monitor police activity, detect raids, or map officer movement in real time. The flaw has reportedly been known since 2024, when warnings were sent to police agencies, ministers, federal authorities, and national security offices urging immediate action. 

Internal reviews within Victoria Police reportedly acknowledged the threat and recommended protections for covert units. However, after discussions with Axon, the issue was later downgraded internally. Victoria Police later stated there had been no confirmed cases of officers being tracked through the devices. Police agencies across New South Wales, Queensland, Western Australia, South Australia, Tasmania, the Northern Territory, and the Australian Federal Police were also informed of the vulnerability. 

Most declined to explain whether officers were warned or if safeguards had been introduced. Researchers believe the flaw stems from hardware design rather than software alone, making simple patches unlikely to fully resolve the problem. Fixing it may require redesigning core system components entirely. 

Axon has acknowledged on its security pages that its cameras emit detectable Bluetooth and Wi-Fi signals and advises customers to consider operational risks before deployment in sensitive situations. Critics argue these warnings remain buried in technical documentation instead of being clearly communicated to frontline officers. 

The issue highlights growing concerns about modern policing’s dependence on connected technology. As law enforcement increasingly relies on wireless devices, AI systems, and cloud-based tools, small cybersecurity flaws can quickly become serious operational and physical safety risks.

Undocumented ESP32 Commands Pose Security Risks, Researchers Warn


The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks.

These hidden commands enable threat actors to spoof trusted devices, gain unauthorized access to sensitive data, pivot within a network, and establish persistent control over affected systems.

Spanish cybersecurity experts Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security uncovered these vulnerabilities and presented their findings at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," the company stated in an announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks, or medical equipment by bypassing code audit controls."

The researchers highlighted that ESP32 is one of the most commonly used chips for Wi-Fi and Bluetooth connectivity in IoT devices, making the potential impact significant. They noted that while interest in Bluetooth security research has declined, this is not due to increased security but rather the lack of effective tools and updated research methodologies.

To address this gap, Tarlogic developed a C-based, cross-platform USB Bluetooth driver that bypasses OS-specific APIs, providing direct hardware access. Using this tool, they discovered 29 undocumented vendor-specific commands (HCI opcode group 0x3F) embedded in the ESP32 Bluetooth firmware. These commands facilitate low-level control over Bluetooth functionality, including RAM and flash memory manipulation, MAC address spoofing, and LMP/LLCP packet injection.
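Opcode group 0x3F is the range the Bluetooth Core specification reserves for vendor-specific HCI commands, so a defender can spot traffic in that range without knowing any vendor's command set. The following is an added example, not Tarlogic's driver or Espressif code: it parses H4-framed HCI command packets (the framing used over UART) and lists every command whose opcode group is 0x3F; the sample bytes are constructed.

```python
"""Audit a byte stream of H4-framed HCI command packets and flag any command
in the vendor-specific opcode group. Added example, not Tarlogic's driver or
Espressif code; the sample bytes below are constructed."""
from dataclasses import dataclass
from typing import Iterator, List
HCI_COMMAND_PKT = 0x01      # H4 packet indicator for an HCI command
OGF_VENDOR_SPECIFIC = 0x3F  # Core spec reserves OGF 0x3F for vendor commands

@dataclass
class HciCommand:
    ogf: int
    ocf: int
    params: bytes

    @property
    def opcode(self) -> int:
        return (self.ogf << 10) | self.ocf   # opcode = OGF (6 bits) | OCF (10 bits)

def parse_h4_commands(stream: bytes) -> Iterator[HciCommand]:
    """Layout per packet: 0x01 | opcode (2 bytes LE) | param_len (1 byte) | params."""
    i = 0
    while i < len(stream):
        if stream[i] != HCI_COMMAND_PKT:
            raise ValueError(f"unexpected packet indicator 0x{stream[i]:02x} at {i}")
        if i + 4 > len(stream):
            raise ValueError("truncated HCI command header")
        opcode = int.from_bytes(stream[i + 1:i + 3], "little")
        plen = stream[i + 3]
        params = stream[i + 4:i + 4 + plen]
        if len(params) != plen:
            raise ValueError("truncated HCI command parameters")
        yield HciCommand(ogf=opcode >> 10, ocf=opcode & 0x3FF, params=params)
        i += 4 + plen

def find_vendor_commands(stream: bytes) -> List[HciCommand]:
    """Return every command whose OGF is the vendor-specific group (0x3F)."""
    return [c for c in parse_h4_commands(stream) if c.ogf == OGF_VENDOR_SPECIFIC]

# Constructed sample: HCI_Reset (0x0C03), a vendor command OGF 0x3F / OCF 0x001
# with three parameter bytes, then LE_Set_Scan_Enable (0x200C).
SAMPLE = bytes([0x01, 0x03, 0x0C, 0x00,
                0x01, 0x01, 0xFC, 0x03, 0xAA, 0xBB, 0xCC,
                0x01, 0x0C, 0x20, 0x02, 0x01, 0x00])

if __name__ == "__main__":
    for c in find_vendor_commands(SAMPLE):
        print(f"vendor opcode 0x{c.opcode:04X} ocf 0x{c.ocf:03X} params {c.params.hex()}")
```

Pointing the parser at a btsnoop or UART capture from a host-to-controller link gives an inventory of vendor commands actually being issued, which is the first step toward deciding whether any of them belong in production traffic.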

Espressif has not publicly documented these commands, raising concerns about whether they were intentionally left accessible or unintentionally exposed. The vulnerability has now been assigned CVE-2025-27840.

Potential risks include supply chain attacks and unauthorized firmware modifications at the OEM level. Depending on how Bluetooth stacks handle HCI commands, remote exploitation could be possible through malicious firmware or rogue Bluetooth connections. However, the most realistic attack scenario would involve an attacker gaining physical access to a device via its USB or UART interface.

"In a context where you can compromise an IoT device with an ESP32, you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices while controlling the device over Wi-Fi/Bluetooth," the researchers told BleepingComputer.

"Our findings would allow for complete control over ESP32 chips and the ability to establish persistence via commands that modify RAM and Flash."

"Also, with persistence in the chip, it may be possible to spread to other devices because the ESP32 allows for the execution of advanced Bluetooth attacks."

BleepingComputer reached out to Espressif for a statement, and while an immediate response was unavailable, the company later issued a clarification on March 10, 2025.

Espressif acknowledged the existence of the undocumented commands, stating they were intended as debug tools for internal testing.

"The functionality found are debug commands included for testing purposes," reads Espressif’s statement.

"These debug commands are part of Espressif’s implementation of the HCI (Host Controller Interface) protocol used in Bluetooth technology. This protocol is used internally in a product to communicate between Bluetooth layers."

While downplaying the security risk, Espressif said the debug commands would be removed in an upcoming software update.

"While these debug commands exist, they cannot, by themselves, pose a security risk to ESP32 chips. Espressif will still provide a software fix to remove these undocumented commands," the statement concluded.