Hidden commands in Bluetooth chip pose security risks

Security researchers have found hidden commands in the ESP32 Bluetooth chip, used in over one billion devices worldwide. These undocumented commands could allow hackers to impersonate trusted devices and access sensitive information. The ESP32 chip, made by China's Espressif, is popular due to its low cost of about $2. Researchers from Tarlogic discovered 29 hidden functionalities that could be exploited for impersonation attacks. The issue is being tracked as CVE-2025-27840. Tarlogic has developed a new Bluetooth driver tool to assist in security research related to these vulnerabilities.