Secret commands found in the Bluetooth chip used in a billion devices

A potential security problem has been discovered by cybersecurity researchers who have the capacity to affect more than a billion devices.

According to researchers from the Cybersecurity Company TarlogicalA hidden order was found Coded in a Bluetooth chip installed in devices from around the world. This secret functionality can be armed by bad actors and, according to researchers, used as a feat in these devices.

Using these commands, hackers can pretend to be a trust device, then connect to smartphones, computers and other devices to access them. Bad players can continue to use their connection to the device to essentially spy on users.

The Bluetooth chip is called ESP32 and is manufactured by the Chinese espressive society. According to the researchers, the ESP32 is “a microcontroller that allows the WiFi and Bluetooth connection”. In 2023, Espressive reported that a billion in his ESP32 chip had been sold worldwide. Millions of IoT devices such as Smart devices use this particular ESP32 chip.

Tarlogic researchers say that this hidden order could be used, which would allow “hostile players to carry out identity attacks and permanently infect sensitive devices such as mobile phones, computers, intelligent locks or medical equipment by bypassing code audit orders.” Tarlogic says that these orders are not publicly documented by espressive.

Tarlogic researchers have developed a new Bluetooth Driver tool in order to help research on safety related to Bluetooth, which allowed the safety company to discover a total of 29 hidden features that could be used to usurp known devices and access confidential information stored on a device.

According to Tarlogic, Espressive sells these Bluetooth chips for around $ 2, which is why so many devices use the component on higher cost options.

As BIP computer Reports, the problem is followed as CVE-2025-27840.