Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.
It is not. ESP32 is an embedded chip with less than one megabyte of RAM. It cannot run apps or load websites with any malicious code, it only runs the firmware that you flash on it, nothing else, and of course your firmware has full access to every chip feature. If your firmware has a security hole, it’s not the chip’s fault.
Finally, some technical details that were sorely lacking from yesterday’s article.
Anyway, having direct unprivileged R/W access to platform memory is indeed a security hole, no matter the vendor.
It is not. ESP32 is an embedded chip with less than one megabyte of RAM. It cannot run apps or load websites with any malicious code, it only runs the firmware that you flash on it, nothing else, and of course your firmware has full access to every chip feature. If your firmware has a security hole, it’s not the chip’s fault.
Try reading the article next time.
There was no mention of over-the-air exploit, so eh.